All the vulnerabilites related to Google Inc. - Android
cve-2016-8471
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95235 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95235" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95235" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8471", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0649
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98866 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-N/A |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98866", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98866" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-N/A" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98866", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98866" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0649", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-N/A" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98866" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0649", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13307
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 16:24
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13307", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13307", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:24:04.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9523
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105847 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105847", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105847", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9523", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105847", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105847" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9523", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9014
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9014", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9014", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T22:03:32.709Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0780
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100674 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100674" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100674" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100674" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0780", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:51:58.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13230
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102976 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.547Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102976" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102976" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102976" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13230", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:11:39.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13233
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 17:57
Severity ?
EPSS score ?
Summary
In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102976 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102976" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102976" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13233", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102976" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13233", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:57:50.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13264
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 22:25
Severity ?
EPSS score ?
Summary
A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.787Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13264", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13264", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:25:53.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6777
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94674 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94674" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94674" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94674" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6777", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0681
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 03:47
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0681", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0681", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:47:45.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6770
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94702 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94702", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94702" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94702", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94702" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94702", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94702" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6770", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0615
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98188 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98188", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98188" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98188", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98188" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0615", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98188" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0615", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13265
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13265", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13265", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:41:40.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9557
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9557", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9562
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9562", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9562", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10276
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98148 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98148" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98148" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98148" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10276", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6785
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94683 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94683" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94683" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94683" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6785", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9959
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 19:51
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2014-9959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9959", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T19:51:28.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0420
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96093 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96093", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96093" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96093", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96093" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "96093", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96093" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0420", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6739
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94142 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6739", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94142" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6739", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6758
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94677 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94677" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6758", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94677" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6758", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0418
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96055 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0418", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96055" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0418", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0639
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98871 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0639", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0639", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8459
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8459", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9954
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2014-9954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9954", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T19:19:16.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0696
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0696", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:03:18.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0739
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 00:45
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0739", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0739", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:45:58.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13241
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103017 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103017", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103017" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103017", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103017" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103017", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103017" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13241", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:43:47.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10298
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2016-10298", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10298", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T22:09:53.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0607
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98171 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98171" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98171" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0607", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98171" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0607", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0583
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97368 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97368" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97368" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0583", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97368" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0583", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0859
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 23:20
Severity ?
EPSS score ?
Summary
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0859", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0859", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:20:38.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13232
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102976 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102976" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102976" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13232", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102976" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13232", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:35:50.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0533
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96734 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96734" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0533", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13281
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13281", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:54:14.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9363
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3797-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3797-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3820-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3820-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2018:2948 | vendor-advisory, x_refsource_REDHAT | |
https://www.debian.org/security/2018/dsa-4308 | vendor-advisory, x_refsource_DEBIAN | |
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3822-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3822-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3820-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2019:2043 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:2029 | vendor-advisory, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3797-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3797-2/" }, { "name": "USN-3797-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3797-1/" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3820-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3820-1/" }, { "name": "USN-3820-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3820-2/" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "USN-3822-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3822-2/" }, { "name": "USN-3822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3822-1/" }, { "name": "USN-3820-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3820-3/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T16:06:22", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "USN-3797-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3797-2/" }, { "name": "USN-3797-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3797-1/" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3820-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3820-1/" }, { "name": "USN-3820-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3820-2/" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "USN-3822-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3822-2/" }, { "name": "USN-3822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3822-1/" }, { "name": "USN-3820-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3820-3/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3797-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3797-2/" }, { "name": "USN-3797-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3797-1/" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3820-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3820-1/" }, { "name": "USN-3820-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3820-2/" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "DSA-4308", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "USN-3822-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3822-2/" }, { "name": "USN-3822-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3822-1/" }, { "name": "USN-3820-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3820-3/" }, { "name": "RHSA-2019:2043", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9363", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T18:38:38.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0589
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98122 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199" }, { "name": "98122", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98122" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199" }, { "name": "98122", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98122" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199" }, { "name": "98122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98122" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0589", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9506
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 17:22
Severity ?
EPSS score ?
Summary
In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111803925
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/830cb39cb2a0f1bf6704d264e2a5c5029c175dd7 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/830cb39cb2a0f1bf6704d264e2a5c5029c175dd7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111803925" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/830cb39cb2a0f1bf6704d264e2a5c5029c175dd7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9506", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111803925" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/830cb39cb2a0f1bf6704d264e2a5c5029c175dd7", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/830cb39cb2a0f1bf6704d264e2a5c5029c175dd7" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9506", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T17:22:39.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13212
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13212", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:03:03.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8472
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95235 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95235" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95235" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8472", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0571
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0571", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6761
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94677 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94677" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94677" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6761", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0752
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 19:26
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100673 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100673", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100673" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100673", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100673" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100673", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100673" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0752", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:26:02.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0703
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 18:09
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99472 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99472" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99472" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99472" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0703", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:09:21.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0405
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96048 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96048", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96048" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96048", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96048" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0405", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96048", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96048" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0405", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0409
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96091 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96091", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96091" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96091", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96091" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0409", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96091", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96091" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0409", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9568
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2019:0512", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0512" }, { "name": "USN-3880-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3880-1/" }, { "name": "USN-3880-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3880-2/" }, { "name": "RHSA-2019:0514", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0514" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" }, { "name": "RHSA-2019:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2696" }, { "name": "RHSA-2019:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2730" }, { "name": "RHSA-2019:2736", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2736" }, { "name": "RHSA-2019:3967", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3967" }, { "name": "RHSA-2019:4056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4056" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2019:4164", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4164" }, { "name": "RHSA-2019:4255", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4255" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-17T13:06:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "RHSA-2019:0512", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0512" }, { "name": "USN-3880-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3880-1/" }, { "name": "USN-3880-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3880-2/" }, { "name": "RHSA-2019:0514", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0514" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" }, { "name": "RHSA-2019:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2696" }, { "name": "RHSA-2019:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2730" }, { "name": "RHSA-2019:2736", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2736" }, { "name": "RHSA-2019:3967", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3967" }, { "name": "RHSA-2019:4056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4056" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2019:4164", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4164" }, { "name": "RHSA-2019:4255", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4255" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2019:0512", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0512" }, { "name": "USN-3880-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3880-1/" }, { "name": "USN-3880-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3880-2/" }, { "name": "RHSA-2019:0514", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0514" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" }, { "name": "RHSA-2019:2696", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2696" }, { "name": "RHSA-2019:2730", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2730" }, { "name": "RHSA-2019:2736", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2736" }, { "name": "RHSA-2019:3967", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3967" }, { "name": "RHSA-2019:4056", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4056" }, { "name": "RHSA-2019:4159", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2019:4164", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4164" }, { "name": "RHSA-2019:4255", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4255" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9568", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0572
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0572", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0572", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13215
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:59
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102390 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2018:2395 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:2384 | vendor-advisory, x_refsource_REDHAT | |
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
https://access.redhat.com/errata/RHSA-2019:1170 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:1190 | vendor-advisory, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102390", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102390" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-14T22:06:08", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102390", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102390" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13215", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102390" }, { "name": "RHSA-2018:2395", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13215", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:59:42.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9011
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9011", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-17T01:16:23.097Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0684
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 23:26
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0684", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:26:57.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0676
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0676", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0676", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:24:12.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9013
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9013", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9013", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-17T03:43:25.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0548
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97398 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97398", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97398" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97398", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97398" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97398" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0548", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0716
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0716", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:17:07.876Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13254
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 01:41
Severity ?
EPSS score ?
Summary
A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13254", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13254", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:41:20.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6757
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94693 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94693", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94693", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94693" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94693", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94693" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6757", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0468
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0468", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0835
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0835", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0835", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:23:06.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0678
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.708Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0678", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0678", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:36:48.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6700
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94159 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94159" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6700", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0440
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0440", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0595
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98129 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98129", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98129" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98129", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98129" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0595", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98129", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98129" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0595", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9550
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "106137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106137" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9550", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0523
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96735 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.056Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582" }, { "name": "96735", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582" }, { "name": "96735", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0523", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582" }, { "name": "96735", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96735" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0523", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.056Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8396
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94712 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94712", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94712" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94712", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94712" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94712" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8396", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0611
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98177 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98177", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98177" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98177", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98177" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0611", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98177" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0611", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13262
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44327/ | exploit, x_refsource_EXPLOIT-DB | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/44326/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13262", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "44327", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44327/" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13262", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:29:29.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0861
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "[secure-testing-commits] 20171206 r58306 - data/CVE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "102329", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102329" }, { "name": "RHSA-2020:0036", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0036" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "RHSA-2018:2390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "[secure-testing-commits] 20171206 r58306 - data/CVE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "102329", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102329" }, { "name": "RHSA-2020:0036", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0036" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3617-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "USN-3617-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-3/" }, { "name": "USN-3583-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "RHSA-2018:2390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2390" }, { "name": "USN-3583-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "[secure-testing-commits] 20171206 r58306 - data/CVE", "refsource": "MLIST", "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3617-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "102329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102329" }, { "name": "RHSA-2020:0036", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0036" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2017-0861", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0861", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:09:26.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0575
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97403 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97403", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97403" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97403", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97403" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97403" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0575", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9504
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 20:01
Severity ?
EPSS score ?
Summary
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9504", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9504", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T20:01:24.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6782
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94683 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.035Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94683" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94683" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6782", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94683" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6782", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:38.035Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10274
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98145 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98145" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10274", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0603
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98143 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920" }, { "name": "98143", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98143" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920" }, { "name": "98143", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98143" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920" }, { "name": "98143", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98143" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0603", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9956
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 18:45
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2014-9956", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9956", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T18:45:22.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13197
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13197", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13197", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:10:13.070Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0823
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 01:52
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/hardware/ril/+/cd5f15f588a5d27e99ba12f057245bfe507f8c42 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/hardware/ril/+/cd5f15f588a5d27e99ba12f057245bfe507f8c42" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/hardware/ril/+/cd5f15f588a5d27e99ba12f057245bfe507f8c42" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0823", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "https://android.googlesource.com/platform/hardware/ril/+/cd5f15f588a5d27e99ba12f057245bfe507f8c42", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/hardware/ril/+/cd5f15f588a5d27e99ba12f057245bfe507f8c42" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0823", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:52:06.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0665
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 22:25
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99470 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "99470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99470" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0665", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:25:08.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9533
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9533", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13157
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102109 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-09T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "102109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102109" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13157", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:51:37.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8431
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95236 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95236", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95236" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95236", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95236" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8431", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95236", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95236" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8431", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6749
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94139 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6749", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94139" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6749", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0399
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95226 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0399", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "name": "95226", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95226" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0399", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9444
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 17:22
Severity ?
EPSS score ?
Summary
In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:51.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9444", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T17:22:59.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9521
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105865 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "105865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105865" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9521", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9957
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2014-9957", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9957", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T18:24:14.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13175
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 23:50
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13175", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:50:25.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0400
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95226 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0400", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "name": "95226", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95226" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0400", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.025Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8458
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95279 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95279", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95279" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95279", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95279" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95279" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8458", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0666
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99470 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0666", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "99470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99470" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0666", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:34:46.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0708
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 03:58
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99474 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99474" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99474" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99474" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0708", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:58:48.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6781
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94683 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94683" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94683" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94683" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6781", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.890Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0691
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0691", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0691", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T21:57:56.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8445
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95229 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.344Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8445", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95229" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8445", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0677
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 17:44
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0677", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0677", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:44:03.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0587
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98119 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98119", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98119" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98119", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98119" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "98119", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98119" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0587", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13293
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13293", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:16:19.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13244
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103008 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "103008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103008" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13244", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:27:07.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0768
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 17:17
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0768", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:17:55.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9514
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 17:42
Severity ?
EPSS score ?
Summary
In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105483 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105483", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105483" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105483", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105483" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9514", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105483" }, { "name": "https://source.android.com/security/bulletin/2018-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9514", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T17:42:54.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0531
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469.
References
▼ | URL | Tags |
---|---|---|
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96743 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96743" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96743" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96743" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0531", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13174
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102107 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102107", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102107" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102107", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102107" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13174", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102107" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13174", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:15:20.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10281
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98158 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98158", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98158", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98158" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10281", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9427
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 16:28
Severity ?
EPSS score ?
Summary
In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9427", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T16:28:04.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8399
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:2931 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/94708 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2017-0817.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:0869 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:2930 | vendor-advisory, x_refsource_REDHAT | |
https://support.f5.com/csp/article/K23030550?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "RHSA-2017:2931", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2931" }, { "name": "94708", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94708" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "RHSA-2017:0869", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:0869" }, { "name": "RHSA-2017:2930", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2930" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K23030550?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T19:07:21", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "RHSA-2017:2931", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2931" }, { "name": "94708", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94708" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "RHSA-2017:0869", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:0869" }, { "name": "RHSA-2017:2930", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2930" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K23030550?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8399", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "RHSA-2017:2931", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2931" }, { "name": "94708", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94708" }, { "name": "RHSA-2017:0817", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "RHSA-2017:0869", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:0869" }, { "name": "RHSA-2017:2930", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2930" }, { "name": "https://support.f5.com/csp/article/K23030550?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K23030550?utm_source=f5support\u0026amp;utm_medium=RSS" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8399", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0783
Vulnerability from cvelistv5
Published
2017-09-14 19:00
Modified
2024-09-17 04:18
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
References
▼ | URL | Tags |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100811 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100811", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100811" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-18T01:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100811", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100811" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-12T00:00:00", "ID": "CVE-2017-0783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100811", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100811" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0783", "datePublished": "2017-09-14T19:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T04:18:51.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0601
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98137 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98137" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0601", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98137" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0601", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0734
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38014992.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38014992." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38014992." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0734", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:23:32.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0404
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95281 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95281", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95281" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95281", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95281" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0404", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95281", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95281" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0404", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8453
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95240 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95240" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95240" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95240" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8453", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0565
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97349 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97349", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97349" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97349", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97349" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97349", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97349" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0565", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0873
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 22:25
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0873", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:25:13.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13169
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13169", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13169", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:28:24.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13283
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2017-13283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13283", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:24:51.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9459
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9459", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T20:06:56.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0391
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95230 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95230" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95230" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f" }, { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95230" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0391", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0434
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96061 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96061", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96061" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96061", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96061" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0434", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96061", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96061" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0434", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0805
Vulnerability from cvelistv5
Published
2017-08-24 00:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-23T23:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-23T00:00:00", "ID": "CVE-2017-0805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0805", "datePublished": "2017-08-24T00:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:57:36.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9578
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9578", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9578", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6772
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351.
References
▼ | URL | Tags |
---|---|---|
https://bugs.chromium.org/p/project-zero/issues/detail?id=958 | x_refsource_MISC | |
http://www.securityfocus.com/bid/94701 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/40945/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=958" }, { "name": "94701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94701" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "40945", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40945/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-18T21:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=958" }, { "name": "94701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94701" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "40945", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40945/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6772", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=958", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=958" }, { "name": "94701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94701" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "40945", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40945/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6772", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0558
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97332 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122" }, { "name": "97332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0558", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0599
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98134 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98134", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98134" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98134", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98134" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0599", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "98134", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98134" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0599", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6716
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94171 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94171" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user\u0027s consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94171" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user\u0027s consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94171" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6716", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0757
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 17:49
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0757", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:49:28.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13171
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102108 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102108" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-09T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102108" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13171", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102108" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13171", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:19:12.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0536
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96835 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96835", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96835" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96835", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96835" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0536", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96835", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96835" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0536", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0489
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96792 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96792", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96792" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96792", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96792" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96792", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96792" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0489", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0793
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100670 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100670", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100670" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100670", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100670" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0793", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100670", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100670" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0793", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:24:28.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8477
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007.
References
▼ | URL | Tags |
---|---|---|
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96749 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96749", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96749" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96749", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96749" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96749", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96749" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8477", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0733
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 01:35
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0733", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:35:57.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0504
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96726 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0504", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96726" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0504", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0568
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0568", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0593
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0593", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0593", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8403
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94686 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94686" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94686" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8403", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94686" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8403", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8479
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96801 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96801", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96801" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96801", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96801" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96801", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96801" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8479", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0581
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97335 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97335" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97335" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97335" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0581", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6780
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94675 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94675", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94675" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94675", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94675" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94675" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6780", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:38.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13247
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103027 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "103027", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-16T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "103027", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103027" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "103027", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103027" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13247", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:06:03.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0502
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96726 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0502", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96726" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0502", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0578
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97358 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97358", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97358" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97358", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97358" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0578", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "97358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97358" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0578", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.490Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9489
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245.
References
▼ | URL | Tags |
---|---|---|
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/ | x_refsource_MISC | |
http://www.securitytracker.com/id/1041590 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/" }, { "name": "1041590", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/" }, { "name": "1041590", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041590" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/", "refsource": "MISC", "url": "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/" }, { "name": "1041590", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041590" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9489", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T20:22:34.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13225
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102420 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102420", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102420", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13225", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102420" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13225", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:54:08.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0561
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97367 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/41805/ | exploit, x_refsource_EXPLOIT-DB | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html | mailing-list, x_refsource_MLIST | |
https://www.exploit-db.com/exploits/41806/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97367", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97367" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "41805", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41805/" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" }, { "name": "41806", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41806/" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97367", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97367" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "41805", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41805/" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" }, { "name": "41806", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41806/" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0561", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "97367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97367" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "41805", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41805/" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" }, { "name": "41806", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41806/" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0561", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0416
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96055 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0416", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96055" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0416", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9501
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 04:08
Severity ?
EPSS score ?
Summary
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/packages/apps/Settings/+/5e43341b8c7eddce88f79c9a5068362927c05b54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/5e43341b8c7eddce88f79c9a5068362927c05b54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/5e43341b8c7eddce88f79c9a5068362927c05b54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/packages/apps/Settings/+/5e43341b8c7eddce88f79c9a5068362927c05b54", "refsource": "MISC", "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/5e43341b8c7eddce88f79c9a5068362927c05b54" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9501", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T04:08:51.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0747
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 23:50
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100213 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100213", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100213" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100213", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100213" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0747", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100213", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100213" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0747", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:50:29.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0401
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95226 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" }, { "name": "95226", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95226" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0401", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0789
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 03:12
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100655 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0789", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100655" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0789", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:12:41.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0854
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0854", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0854", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:35:40.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0396
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95232 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95232", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95232" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95232", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95232" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95232", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95232" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0396", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0493
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98140" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0493", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13181
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 23:26
Severity ?
EPSS score ?
Summary
In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13181", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13181", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:26:21.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0492
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96794 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96794", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96794" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96794", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96794" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96794", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96794" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0492", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0853
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0853", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:45:53.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0395
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95261 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95261", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95261", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95261" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95261", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95261" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0395", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9566
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-74249842.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-74249842." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9566", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-74249842." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9566", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13151
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 20:01
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13151", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13151", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:01:53.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6789
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94678 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94678", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94678" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94678", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94678" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6789", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94678", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94678" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6789", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:38.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0804
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0804", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:06:49.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10296
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-12T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10296", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10296", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13277
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13277", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13277", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:02:58.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13274
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 02:33
Severity ?
EPSS score ?
Summary
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.002Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13274", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:33:08.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13219
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13219", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:01:38.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0707
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99474 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99474" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99474" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99474" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0707", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:46:06.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10289
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-12T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10289", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10289", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0850
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0850", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0850", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T04:20:38.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0592
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98125 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0592", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "98125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98125" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0592", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0785
Vulnerability from cvelistv5
Published
2017-09-14 19:00
Modified
2024-09-16 23:20
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
References
▼ | URL | Tags |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | x_refsource_CONFIRM | |
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041300 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/100812 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "1041300", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041300" }, { "name": "100812", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100812" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-27T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "1041300", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041300" }, { "name": "100812", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100812" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-12T00:00:00", "ID": "CVE-2017-0785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "1041300", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041300" }, { "name": "100812", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100812" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0785", "datePublished": "2017-09-14T19:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:20:57.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0588
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98120 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98120", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98120", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98120" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0588", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8449
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95262 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95262", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95262" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95262", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95262" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95262", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95262" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8449", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0710
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99468 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99468", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99468" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99468", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99468" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99468", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99468" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0710", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:24:50.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6729
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94203 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94203", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94203" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94203", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94203" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94203", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94203" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6729", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3907
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94139 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:10:31.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-3907", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94139" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-3907", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-03-30T00:00:00", "dateUpdated": "2024-08-06T00:10:31.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0674
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 22:15
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0674", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0674", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:15:18.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6763
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94711 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94711", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94711" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94711", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94711" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94711", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94711" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6763", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13170
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102108 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102108" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-09T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102108" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13170", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102108" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13170", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:37:09.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13272
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 18:48
Severity ?
EPSS score ?
Summary
In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13272", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13272", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:48:47.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8484
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 03:53
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96737 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-03-06T00:00:00", "ID": "CVE-2016-8484", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8484", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-09-17T03:53:46.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6702
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94160 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94160", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94160", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94160", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94160" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6702", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0647
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98877 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98877", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98877" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98877", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98877" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0647", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98877", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98877" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0647", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13245
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103008 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "103008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103008" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13245", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:13:43.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8413
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731.
References
▼ | URL | Tags |
---|---|---|
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96749 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96749", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96749" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96749", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96749" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8413", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96749", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96749" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8413", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0505
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31822282. References: M-ALPS02992041.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96726 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31822282. References: M-ALPS02992041." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0505", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31822282. References: M-ALPS02992041." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96726" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0505", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6423
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97387 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:25:49.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97387", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97387" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97387", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97387" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2017-6423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97387" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-6423", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-17T03:48:44.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8482
Vulnerability from cvelistv5
Published
2018-04-05 18:00
Modified
2024-09-17 04:29
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/95231 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-01-03T00:00:00", "ID": "CVE-2016-8482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "95231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95231" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "name": "https://source.android.com/security/bulletin/2017-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8482", "datePublished": "2018-04-05T18:00:00Z", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-09-17T04:29:32.782Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6713
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6713", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "94137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94137" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6713", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6740
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94142 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94142" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6740", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0695
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 20:13
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0695", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0695", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:13:30.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0796
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0796", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:14:50.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6741
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94142 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94142" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6741", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0714
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0714", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:36:25.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0756
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0756", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:36:50.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0519
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32372915. References: QC-CR#1086530.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96950 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32372915. References: QC-CR#1086530." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96950" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32372915. References: QC-CR#1086530." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96950" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0519", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13206
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102523 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102523", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102523" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102523", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102523" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "102523", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102523" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13206", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:36:29.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9450
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 19:04
Severity ?
EPSS score ?
Summary
In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9450", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T19:04:39.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0480
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96958 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96958", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96958" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96958", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96958" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0480", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96958", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96958" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0480", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0624
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98200 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98200", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98200" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98200", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98200" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0624", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98200" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0624", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0577
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97348 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97348", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97348" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97348", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97348" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0577", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97348" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0577", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0641
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98868 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0641", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98868" }, { "name": "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0641", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0690
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 22:14
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0690", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0690", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:14:29.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10284
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98162 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.843Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98162", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98162" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98162", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98162" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98162", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98162" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10284", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0618
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98191 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98191", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98191", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0618", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98191", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98191" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0618", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0483
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96733 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0483", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96733" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0483", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0726
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 17:09
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.418Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0726", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0726", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:09:12.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9438
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9438", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T20:52:51.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0481
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96765 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/bid/96953 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96765", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96765" }, { "name": "96953", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96953" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96765", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96765" }, { "name": "96953", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96953" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96765", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96765" }, { "name": "96953", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96953" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0481", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0765
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 01:17
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.447Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0765", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:17:06.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8416
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96734 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8416", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96734" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8416", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9570
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9570", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13299
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13299", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:56:03.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9524
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105848 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105848", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105848" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105848", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105848" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9524", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105848", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105848" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9524", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9535
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9535", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9535", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9571
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9571", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13195
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13195", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:01:03.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10299
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 02:51
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2016-10299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10299", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-17T02:51:48.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0535
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96833 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96833", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96833" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96833", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96833" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0535", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "96833", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96833" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0535", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0776
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0776", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:52:15.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9016
Vulnerability from cvelistv5
Published
2018-04-05 18:00
Modified
2024-09-17 04:28
Severity ?
EPSS score ?
Summary
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-02T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2015-9016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9" }, { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9016", "datePublished": "2018-04-05T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-17T04:28:55.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9558
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9558", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10233
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 23:42
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97339 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2016-10233", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10233", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T23:42:13.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0750
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100215 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3583-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html | x_refsource_MISC | |
https://usn.ubuntu.com/3583-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM | |
https://security-tracker.debian.org/tracker/CVE-2017-0750 | x_refsource_MISC | |
https://bugzilla.novell.com/show_bug.cgi?id=1053160 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100215", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100215" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0750" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=1053160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-15T09:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100215", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100215" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0750" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=1053160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100215", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100215" }, { "name": "USN-3583-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html", "refsource": "MISC", "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html" }, { "name": "USN-3583-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2017-0750", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2017-0750" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=1053160", "refsource": "MISC", "url": "https://bugzilla.novell.com/show_bug.cgi?id=1053160" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0750", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:16:24.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0842
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101718 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101718" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101718" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101718" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0842", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:28:40.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9454
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 17:48
Severity ?
EPSS score ?
Summary
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9454", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9454", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T17:48:54.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0431
Vulnerability from cvelistv5
Published
2018-04-05 18:00
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96068 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96068", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96068", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-02-06T00:00:00", "ID": "CVE-2017-0431", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96068", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96068" }, { "name": "https://source.android.com/security/bulletin/2017-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0431", "datePublished": "2018-04-05T18:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:24:41.464Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9955
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 16:28
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.530Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2014-9955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9955", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T16:28:31.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0573
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0573", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0858
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 19:05
Severity ?
EPSS score ?
Summary
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0858", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:05:42.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9490
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382%2C | x_refsource_MISC | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105484 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382%2C" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382%2C" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9490", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382," }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105484" }, { "name": "https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb", "refsource": "MISC", "url": "https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9490", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T18:29:26.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0646
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98871 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0646", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0646", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0826
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 01:57
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0826", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0826", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:57:04.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6734
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94140" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6734", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0556
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97332 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0556", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9910
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 14:02
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94685 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:38.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94685" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-19T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94685" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2014-9910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94685" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9910", "datePublished": "2017-01-18T17:00:00", "dateReserved": "2016-10-28T00:00:00", "dateUpdated": "2024-08-06T14:02:38.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0413
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96063 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96063", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96063" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96063", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96063" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0413", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96063", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96063" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0413", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0433
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96061 | vdb-entry, x_refsource_BID | |
https://alephsecurity.com/vulns/aleph-2016001 | x_refsource_MISC | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96061", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96061" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://alephsecurity.com/vulns/aleph-2016001" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96061", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96061" }, { "tags": [ "x_refsource_MISC" ], "url": "https://alephsecurity.com/vulns/aleph-2016001" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96061", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96061" }, { "name": "https://alephsecurity.com/vulns/aleph-2016001", "refsource": "MISC", "url": "https://alephsecurity.com/vulns/aleph-2016001" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0433", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13191
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13191", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:42:55.518Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10236
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97359 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97359", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97359" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97359", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97359" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2016-10236", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97359", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97359" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10236", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T17:43:12.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9503
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 16:22
Severity ?
EPSS score ?
Summary
In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf%2C | x_refsource_MISC | |
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b | x_refsource_MISC | |
https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85%2C | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf%2C" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85%2C" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf%2C" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85%2C" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9503", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf," }, { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" }, { "name": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85," } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9503", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T16:22:27.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8398
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705." } ], "problemTypes": [ { "descriptions": [ { "description": "Unauthenticated Messages", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8398", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unauthenticated Messages" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8398", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13289
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13289", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13289", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:45:22.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0496
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96788 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96788", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96788" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96788", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96788" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0496", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96788", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96788" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0496", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0814
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 20:07
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101151 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/tremolo/+/eeb4e45d5683f88488c083ecf142dc89bc3f0b47 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/tremolo/+/eeb4e45d5683f88488c083ecf142dc89bc3f0b47" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/tremolo/+/eeb4e45d5683f88488c083ecf142dc89bc3f0b47" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101151" }, { "name": "https://android.googlesource.com/platform/external/tremolo/+/eeb4e45d5683f88488c083ecf142dc89bc3f0b47", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/tremolo/+/eeb4e45d5683f88488c083ecf142dc89bc3f0b47" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0814", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:07:50.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0560
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97360 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97360", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97360" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97360", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97360" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97360" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0560", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8417
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96832 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0" }, { "name": "96832", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96832" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0" }, { "name": "96832", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96832" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0" }, { "name": "96832", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96832" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8417", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9565
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106065 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-16680558 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106065", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-16680558" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106065", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-16680558" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "106065", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106065" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9565", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0880
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 18:49
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0880", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0880", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:49:34.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9577
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9577", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9577", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0579
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97339 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0579", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0579", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8440
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8440", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0784
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100671 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100671", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100671" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100671", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100671" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0784", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100671" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0784", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:17:36.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0534
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32508732. References: QC-CR#1088206.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96734 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32508732. References: QC-CR#1088206." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0534", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32508732. References: QC-CR#1088206." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96734" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0534", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13256
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 16:34
Severity ?
EPSS score ?
Summary
In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13256", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:34:02.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0540
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97330 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-12T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0540", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853" }, { "name": "97330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0540", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6765
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94688 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "94688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94688" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6765", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0544
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97337 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97337", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97337" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97337", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97337" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97337", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97337" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0544", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6788
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94687 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94687", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94687" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94687", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94687" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94687", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94687" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6788", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9530
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9530", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0594
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98128 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98128", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98128" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98128", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98128" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98128", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98128" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0594", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8419
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8419", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0590
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98123 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98123", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98123" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98123", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98123" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0590", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "98123", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98123" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0590", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13303
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13303", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T04:09:54.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0820
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 16:49
Severity ?
EPSS score ?
Summary
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101151 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/8a3a2f6ea7defe1a81bb32b3c9f3537f84749b9d | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/8a3a2f6ea7defe1a81bb32b3c9f3537f84749b9d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/8a3a2f6ea7defe1a81bb32b3c9f3537f84749b9d" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101151" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/8a3a2f6ea7defe1a81bb32b3c9f3537f84749b9d", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/8a3a2f6ea7defe1a81bb32b3c9f3537f84749b9d" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0820", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:49:01.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8392
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94681 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94681" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94681" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94681" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8392", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0384
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95239 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:56.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" }, { "name": "95239", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" }, { "name": "95239", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe" }, { "name": "95239", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95239" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0384", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:56.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10235
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 16:22
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97361 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97361", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97361" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97361", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97361" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2016-10235", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97361" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10235", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T16:22:28.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0632
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98221 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98221", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98221", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0632", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98221", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98221" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0632", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0636
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98866 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-N/A |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98866", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98866" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-N/A" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98866", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98866" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0636", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-N/A" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98866" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0636", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0790
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 17:15
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100655 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0790", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100655" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0790", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:15:10.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13179
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op-\u003es_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op-\u003es_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13179", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op-\u003es_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op-\u003es_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13179", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:30:04.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13286
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13286", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13286", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T21:07:27.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0651
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98875 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98875", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98875" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98875", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98875" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0651", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98875", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98875" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0651", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0685
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 02:00
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0685", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0685", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:00:40.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0670
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 03:12
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99470 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0670", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "99470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99470" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0670", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:12:23.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0689
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0689", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:18:05.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13188
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 16:24
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13188", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:24:19.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0749
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100215 | vdb-entry, x_refsource_BID | |
https://bugzilla.novell.com/show_bug.cgi?id=1053162 | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2017-0749 | x_refsource_MISC | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM | |
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0749.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100215", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100215" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=1053162" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0749" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0749.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-19T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100215", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100215" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=1053162" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0749" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0749.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0749", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100215", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100215" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=1053162", "refsource": "MISC", "url": "https://bugzilla.novell.com/show_bug.cgi?id=1053162" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2017-0749", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2017-0749" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0749.html", "refsource": "MISC", "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0749.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0749", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:22:32.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0694
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 19:05
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0694", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0694", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:05:08.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0451
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96108 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96108", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96108", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96108" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0451", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0482
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33090864.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96733 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33090864." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33090864." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96733" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0482", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13176
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:38
Severity ?
EPSS score ?
Summary
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102422 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102422", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102422" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102422", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102422" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102422", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102422" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13176", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:38:00.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13178
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13178", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13178", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:46:14.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8467
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95250 | vdb-entry, x_refsource_BID | |
https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95250", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95250" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-16T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95250", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95250" }, { "tags": [ "x_refsource_MISC" ], "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95250", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95250" }, { "name": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/", "refsource": "MISC", "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8467", "datePublished": "2017-01-13T16:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0423
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96102 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96102", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96102" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96102", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96102" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96102", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96102" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0423", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10288
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-12T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10288", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8448
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95229 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8448", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95229" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8448", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0759
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0759", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0759", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:41:04.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8452
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95275 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95275", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95275" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95275", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95275" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95275", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95275" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8452", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0763
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0763", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:31:47.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0557
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97332 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e" }, { "name": "97332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0557", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0797
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0797", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:58:35.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9525
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105848 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105848", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105848" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105848", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105848" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9525", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105848", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105848" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9525", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9008
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 04:25
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9008", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-17T04:25:19.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0792
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100655 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0792", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100655" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0792", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:52:14.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13166
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://www.debian.org/security/2018/dsa-4120 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2018:1062 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1319 | vendor-advisory, x_refsource_REDHAT | |
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:2948 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:0676 | vendor-advisory, x_refsource_REDHAT | |
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:1170 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1130 | vendor-advisory, x_refsource_REDHAT | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "RHSA-2018:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "name": "RHSA-2018:1130", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-30T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "DSA-4120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "RHSA-2018:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "name": "RHSA-2018:1130", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "DSA-4120", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4120" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "RHSA-2018:1319", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1319" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "RHSA-2018:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1170" }, { "name": "RHSA-2018:1130", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1130" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13166", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:40:26.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13300
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 22:14
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13300", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:14:38.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0444
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96107 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96107", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96107" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96107", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96107" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96107" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0444", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0598
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98133 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98133", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98133" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98133", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98133" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0598", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98133", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98133" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0598", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9543
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105849 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105849" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9543", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13228
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-17 01:20
Severity ?
EPSS score ?
Summary
In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102976 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102976" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102976" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13228", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102976" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13228", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:20:32.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8442
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.301Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8442", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Memory Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8442", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.301Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0460
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252965. References: QC-CR#1098801.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96948 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460" }, { "name": "96948", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96948" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252965. References: QC-CR#1098801." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460" }, { "name": "96948", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96948" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252965. References: QC-CR#1098801." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460" }, { "name": "96948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96948" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0460", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6742
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94131 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94131" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6742", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0446
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96054 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96054", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96054", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96054", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0446", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0474
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0474", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0455
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96812 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96812", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96812" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96812", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96812" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0455", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "96812", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96812" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0455", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0864
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0864", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0864", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:26:41.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0781
Vulnerability from cvelistv5
Published
2017-09-14 19:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44415/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100810 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44415", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44415/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100810", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100810" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-08T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "44415", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44415/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100810", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100810" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-12T00:00:00", "ID": "CVE-2017-0781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "44415", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44415/" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100810" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0781", "datePublished": "2017-09-14T19:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:09:06.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6424
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97396 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:25:49.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97396", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97396" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97396", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97396" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2017-6424", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97396", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97396" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-6424", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T16:48:42.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0832
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0832", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0832", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:36:56.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6426
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97355 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:25:49.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97355" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97355" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2017-6426", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97355" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-6426", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-17T01:21:59.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0667
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 02:05
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99470 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0667", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "99470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99470" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0667", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:05:48.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0495
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96796 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96796", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96796" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96796", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96796" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96796", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96796" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0495", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0841
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 03:54
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101718 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101718" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101718" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101718" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0841", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:54:23.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6745
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94131 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94131" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6745", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0491
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32553261.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96791 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96791", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96791" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32553261." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96791", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96791" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0491", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32553261." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96791", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96791" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0491", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0585
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97366 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97366", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97366" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97366", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97366" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97366", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97366" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0585", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13266
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13266", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13266", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:56:47.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13305
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 18:13
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3631-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3631-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:2165 | vendor-advisory, x_refsource_REDHAT | |
https://usn.ubuntu.com/3655-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3655-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" }, { "name": "RHSA-2018:2165", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2165" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-01T20:06:10", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "USN-3631-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "USN-3631-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3631-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" }, { "name": "RHSA-2018:2165", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2165" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13305", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3631-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-2/" }, { "name": "USN-3631-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-1/" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" }, { "name": "RHSA-2018:2165", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2165" }, { "name": "USN-3655-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-2/" }, { "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13305", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:13:39.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13184
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13184", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13184", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:18:22.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0447
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96054 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96054", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96054", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0447", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96054", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0447", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0812
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101088 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0812", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f", "refsource": "CONFIRM", "url": "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f" }, { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101088" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0812", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:14:43.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0697
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0697", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:27:26.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8443
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Memory Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8443", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0809
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 21:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/552a3b5df2a6876d10da20f72e4cc0d44ac2c790 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101088 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/552a3b5df2a6876d10da20f72e4cc0d44ac2c790" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/552a3b5df2a6876d10da20f72e4cc0d44ac2c790" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/552a3b5df2a6876d10da20f72e4cc0d44ac2c790", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/552a3b5df2a6876d10da20f72e4cc0d44ac2c790" }, { "name": "101088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101088" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0809", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T21:03:42.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8457
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95240 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95240" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95240" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95240" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8457", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13257
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 17:49
Severity ?
EPSS score ?
Summary
In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13257", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:49:00.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0806
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101086 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900" }, { "name": "101086", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101086" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900" }, { "name": "101086", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101086" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900" }, { "name": "101086", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101086" }, { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0806", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T21:57:19.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13208
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:19
Severity ?
EPSS score ?
Summary
In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102415 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13208", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13208", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:19:18.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0430
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96065 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96065", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96065" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96065", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96065" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96065", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96065" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0430", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0700
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 19:45
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99472 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99472" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99472" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99472" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0700", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:45:49.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0786
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 00:15
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100655 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100655" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0786", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:15:42.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13284
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13284", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:58:41.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0532
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32370398. References: M-ALPS03069985.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96834 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96834", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96834" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32370398. References: M-ALPS03069985." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96834", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96834" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32370398. References: M-ALPS03069985." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96834", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96834" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0532", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9493
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf | x_refsource_MISC | |
http://www.securityfocus.com/bid/105484 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb%2C | x_refsource_MISC | |
https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107%2C | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107%2C" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107%2C" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf", "refsource": "MISC", "url": "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf" }, { "name": "105484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105484" }, { "name": "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb," }, { "name": "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107," } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9493", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T22:46:09.161Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8451
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95277 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.4" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95277" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.4" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95277" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8451", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0553
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.
References
▼ | URL | Tags |
---|---|---|
http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/ | vendor-advisory, x_refsource_FEDORA | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://lists.infradead.org/pipermail/libnl/2017-May/002313.html | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2017:2299 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/97340 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-3311-2 | vendor-advisory, x_refsource_UBUNTU | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/ | vendor-advisory, x_refsource_FEDORA | |
https://usn.ubuntu.com/usn/usn-3311-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb" }, { "name": "FEDORA-2017-34f6e70fdd", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "[libnl] 20170503 ANN: libnl 3.3.0 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html" }, { "name": "RHSA-2017:2299", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2299" }, { "name": "97340", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97340" }, { "name": "USN-3311-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3311-2" }, { "name": "FEDORA-2017-7a5363b41d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/" }, { "name": "USN-3311-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/usn/usn-3311-1/" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb" }, { "name": "FEDORA-2017-34f6e70fdd", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "[libnl] 20170503 ANN: libnl 3.3.0 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html" }, { "name": "RHSA-2017:2299", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2299" }, { "name": "97340", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97340" }, { "name": "USN-3311-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3311-2" }, { "name": "FEDORA-2017-7a5363b41d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/" }, { "name": "USN-3311-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/usn/usn-3311-1/" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb", "refsource": "CONFIRM", "url": "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb" }, { "name": "FEDORA-2017-34f6e70fdd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "[libnl] 20170503 ANN: libnl 3.3.0 released", "refsource": "MLIST", "url": "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html" }, { "name": "RHSA-2017:2299", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2299" }, { "name": "97340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97340" }, { "name": "USN-3311-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3311-2" }, { "name": "FEDORA-2017-7a5363b41d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/" }, { "name": "USN-3311-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/usn/usn-3311-1/" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0553", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0874
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.445Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0874", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0874", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:27:59.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13152
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13152", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:16:02.025Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0453
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33979145. References: QC-CR#1105085.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96735 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96735", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96735" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33979145. References: QC-CR#1105085." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96735", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96735" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33979145. References: QC-CR#1105085." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96735", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96735" }, { "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0453", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0745
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 18:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0745", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:18:41.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13278
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 16:28
Severity ?
EPSS score ?
Summary
In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13278", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13278", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:28:24.709Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6718
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94175 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94175", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94175" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94175", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94175" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94175", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94175" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6718", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0802
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 22:51
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0802", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:51:12.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9355
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104461 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:51.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104461" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9355", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T22:45:19.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0425
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96106 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96106", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96106", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0425", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96106", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96106" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0425", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0702
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 16:37
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99472 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99472" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99472" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99472" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0702", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:37:57.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9536
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105865 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9536", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105865" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9536", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0779
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 22:21
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0779", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0779", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:21:09.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0736
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38487564.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38487564." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38487564." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0736", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:18:23.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0499
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96806 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96806", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96806" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96806", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96806" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96806" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0499", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6791
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94681 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94681" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94681" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6791", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94681" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6791", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8434
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95257 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95257", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95257", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95257" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8434", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95257", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95257" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8434", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6771
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94706 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94706", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94706" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94706", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94706" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6771", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94706", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94706" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6771", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6756
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94693 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94693", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94693", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94693" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94693", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94693" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6756", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0614
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98187 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98187", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98187" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98187", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98187" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0614", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98187" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0614", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6766
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94688 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "94688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94688" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6766", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6769
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94703 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94703", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94703" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94703", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94703" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94703", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94703" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6769", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0509
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96797 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/bid/94943 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96797" }, { "name": "94943", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94943" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-30T17:06:05", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96797" }, { "name": "94943", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94943" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0509", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96797" }, { "name": "94943", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94943" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0509", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0838
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0838", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0838", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:23:20.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9528
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9528", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10275
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98146 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98146", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98146" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98146", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98146" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10275", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98146", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98146" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10275", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0816
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 04:14
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101088 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.301Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" }, { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101088" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0816", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T04:14:14.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0712
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 04:14
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100220 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100220", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100220" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100220", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100220" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100220", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100220" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0712", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T04:14:24.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13290
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 22:01
Severity ?
EPSS score ?
Summary
In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13290", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:01:56.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0767
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0767", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0767", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:46:17.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0879
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 02:52
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0879", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0879", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:52:31.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13231
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-17 02:07
Severity ?
EPSS score ?
Summary
In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102976 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102976" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102976" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13231", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102976" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13231", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:07:12.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0466
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0466", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9508
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/e8bbf5b0889790cf8616f4004867f0ff656f0551 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.787Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/e8bbf5b0889790cf8616f4004867f0ff656f0551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/e8bbf5b0889790cf8616f4004867f0ff656f0551" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9508", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/e8bbf5b0889790cf8616f4004867f0ff656f0551", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/e8bbf5b0889790cf8616f4004867f0ff656f0551" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9508", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T19:35:10.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0542
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97330 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b" }, { "name": "97330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0542", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9415
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3752-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3752-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://source.android.com/security/bulletin/pixel/2018-07-01 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3752-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-07-01" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-07-01" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3752-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "USN-3752-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-07-01" }, { "name": "USN-3752-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9415", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T20:42:41.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10293
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98206 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.945Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98206", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98206" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98206", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98206" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98206", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98206" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10293", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8408
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94691 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94691", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94691" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94691", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94691" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94691", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94691" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8408", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9567
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106064 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106064", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106064" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106064", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106064" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9567", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "106064", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106064" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9567", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13271
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13271", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13271", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:12:51.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0730
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (h264 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36279112.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (h264 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36279112." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (h264 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36279112." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0730", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:23:46.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0795
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0795", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0795", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:46:44.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8394
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94682 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94682", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94682" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94682", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94682" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94682" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8394", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0766
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0766", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:01:10.445Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0800
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 19:52
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0800", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0800", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:52:05.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13268
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 22:29
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13268", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13268", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:29:47.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9509
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31 | x_refsource_MISC | |
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9509", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31" }, { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9509", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T00:06:57.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9518
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-09-01 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3798-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3798-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android Kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android Kernel" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android Kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "USN-3798-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9518", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13190
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 02:17
Severity ?
EPSS score ?
Summary
A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13190", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13190", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:17:05.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8438
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638." } ], "problemTypes": [ { "descriptions": [ { "description": "Integer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Integer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8438", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0383
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95243 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95243" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0383", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0622
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98198 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98198", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98198" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98198", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98198" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0622", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98198", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98198" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0622", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9491
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 00:11
Severity ?
EPSS score ?
Summary
In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105484 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/2b4667baa5a2badbdfec1794156ee17d4afef37c | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/2b4667baa5a2badbdfec1794156ee17d4afef37c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/2b4667baa5a2badbdfec1794156ee17d4afef37c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9491", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105484" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/2b4667baa5a2badbdfec1794156ee17d4afef37c", "refsource": "MISC", "url": "https://android.googlesource.com/platform/frameworks/av/+/2b4667baa5a2badbdfec1794156ee17d4afef37c" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9491", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T00:11:26.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9010
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9010", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9010", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T21:07:23.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6752
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-31498159. References: Qualcomm QC-CR#987051.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94139 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-31498159. References: Qualcomm QC-CR#987051." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-31498159. References: Qualcomm QC-CR#987051." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94139" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6752", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0732
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0732", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:36:35.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9515
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/45558/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/105483 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45558", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45558/" }, { "name": "105483", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105483" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "45558", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45558/" }, { "name": "105483", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105483" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "45558", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45558/" }, { "name": "105483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105483" }, { "name": "https://source.android.com/security/bulletin/2018-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9515", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T21:07:52.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13204
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13204", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:16:14.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8469
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95246 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.344Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95246", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95246" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95246", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95246" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8469", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95246", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95246" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8469", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10285
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98163 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98163", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98163" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98163", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98163" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98163", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98163" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10285", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0679
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0679", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0679", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T04:09:45.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6774
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94705 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94705", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94705" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94705", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94705" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6774", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94705", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94705" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6774", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0701
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99472 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99472" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99472" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99472" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0701", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:35:33.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13211
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102415 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13211", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:54:39.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8423
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95241 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95241", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95241", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95241" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8423", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13252
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 20:53
Severity ?
EPSS score ?
Summary
In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103255 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13252", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "103255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103255" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13252", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:53:09.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9534
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9534", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9534", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10280
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98157 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98157", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98157", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10280", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98157", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98157" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10280", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0817
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 23:32
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101151 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101151" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101151" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b" }, { "name": "101151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101151" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0817", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:32:00.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6759
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94677 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.880Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94677" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6759", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94677" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6759", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9015
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.439Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9015", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T23:56:22.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0415
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96089 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96089", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96089" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96089", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96089" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96089", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96089" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0415", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8391
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94681 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94681" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94681" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94681" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8391", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8421
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8421", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13261
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44327/ | exploit, x_refsource_EXPLOIT-DB | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/44326/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13261", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "44327", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44327/" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13261", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:10:48.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9445
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 04:25
Severity ?
EPSS score ?
Summary
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK | |
https://www.exploit-db.com/exploits/45192/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:51.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" }, { "name": "45192", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45192/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" }, { "name": "45192", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45192/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9445", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" }, { "name": "45192", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45192/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9445", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T04:25:36.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13198
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13198", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13198", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:27:56.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10294
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-12T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10294", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13168
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 20:53
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3753-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3820-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3820-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3822-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3753-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3822-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3820-3/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3753-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3753-2/" }, { "name": "USN-3820-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3820-1/" }, { "name": "USN-3820-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3820-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "USN-3822-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3822-2/" }, { "name": "USN-3753-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3753-1/" }, { "name": "USN-3822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3822-1/" }, { "name": "USN-3820-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3820-3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-28T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "USN-3753-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3753-2/" }, { "name": "USN-3820-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3820-1/" }, { "name": "USN-3820-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3820-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "USN-3822-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3822-2/" }, { "name": "USN-3753-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3753-1/" }, { "name": "USN-3822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3822-1/" }, { "name": "USN-3820-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3820-3/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13168", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3753-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3753-2/" }, { "name": "USN-3820-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3820-1/" }, { "name": "USN-3820-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3820-2/" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" }, { "name": "USN-3822-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3822-2/" }, { "name": "USN-3753-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3753-1/" }, { "name": "USN-3822-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3822-1/" }, { "name": "USN-3820-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3820-3/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13168", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:53:17.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0731
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0731", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:16:12.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13287
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13287", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T21:57:05.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8462
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383.
References
▼ | URL | Tags |
---|---|---|
https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/ | x_refsource_MISC | |
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
https://github.com/CunningLogic/PixelDump_CVE-2016-8462 | x_refsource_MISC | |
http://www.securityfocus.com/bid/95237 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/CunningLogic/PixelDump_CVE-2016-8462" }, { "name": "95237", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95237" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-15T01:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/CunningLogic/PixelDump_CVE-2016-8462" }, { "name": "95237", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95237" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/", "refsource": "MISC", "url": "https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/" }, { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "https://github.com/CunningLogic/PixelDump_CVE-2016-8462", "refsource": "MISC", "url": "https://github.com/CunningLogic/PixelDump_CVE-2016-8462" }, { "name": "95237", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95237" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8462", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0582
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97356 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97356", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97356" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97356", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97356" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0582", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97356", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97356" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0582", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0741
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100209 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100209", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100209", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100209" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0741", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:26:18.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0648
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98875 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98875", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98875" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98875", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98875" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0648", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98875", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98875" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0648", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0597
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98131 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98131" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0597", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0778
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 03:53
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0778", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:53:40.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13177
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13177", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13177", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:44:11.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0398
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95226 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.035Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-16T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0398", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95226", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95226" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0398", "datePublished": "2017-01-13T16:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.035Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0591
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98124 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98124", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98124" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98124", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98124" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0591", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "98124", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98124" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0591", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13161
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13161", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:43:19.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6719
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94179 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94179", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94179" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94179", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94179" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94179", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94179" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6719", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8446
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95229 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95229" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8446", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0713
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100219 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100219", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100219" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100219", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100219" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0713", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100219", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100219" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0713", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:26:08.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0810
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 03:34
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libmpeg2/+/7737780815fe523ad7b0e49456eb75d27a30818a | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101088 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/7737780815fe523ad7b0e49456eb75d27a30818a" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/7737780815fe523ad7b0e49456eb75d27a30818a" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0810", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "https://android.googlesource.com/platform/external/libmpeg2/+/7737780815fe523ad7b0e49456eb75d27a30818a", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libmpeg2/+/7737780815fe523ad7b0e49456eb75d27a30818a" }, { "name": "101088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101088" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0810", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:34:20.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6701
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94162 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94162", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94162" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94162", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94162" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "94162", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94162" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6701", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13210
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 21:58
Severity ?
EPSS score ?
Summary
In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102415 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13210", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13210", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T21:58:22.710Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6764
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94688 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.141Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "94688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94688" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6764", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:38.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9545
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105849 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105849" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9545", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8429
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95231 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95231" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8429", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9958
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 21:04
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2014-9958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9958", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T21:04:20.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0507
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96952 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96952", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96952", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96952" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0507", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96952", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96952" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0507", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8411
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94684 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: versions that have i_qos_srvc.c |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94684", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94684" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "versions that have i_qos_srvc.c" } ] } ], "datePublic": "2016-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow in QMI", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-30T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94684", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94684" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8411", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "versions that have i_qos_srvc.c" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow in QMI" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94684" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8411", "datePublished": "2017-01-27T17:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9452
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 02:20
Severity ?
EPSS score ?
Summary
In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634 | x_refsource_MISC | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105484 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d%2C | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d%2C" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d%2C" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634", "refsource": "MISC", "url": "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105484" }, { "name": "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d," } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9452", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T02:20:43.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13243
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103013 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103013", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103013", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103013" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13243", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103013", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103013" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13243", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:11:45.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9551
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9551", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "106137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106137" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9551", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6778
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94675 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94675", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94675" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94675", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94675" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94675" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6778", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0699
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 00:37
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0699", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:37:04.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0467
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0467", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13167
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html | vendor-advisory, x_refsource_SUSE | |
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13167", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2018:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13167", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:31:39.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0547
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97338 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97338", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97338" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97338", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97338" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97338" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0547", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0645
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98871 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0645", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98871" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0645", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13153
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13153", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:41:47.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13222
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 00:30
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13222", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13222", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:30:32.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9553
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "106137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106137" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9553", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0664
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 22:19
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99470 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.945Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "99470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99470" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0664", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:19:40.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6736
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94140" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6736", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13276
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13276", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:36:40.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0410
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96056 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96056" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0410", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0715
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 03:53
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.710Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0715", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:53:37.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0729
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0729", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:55:56.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9526
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105847 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/pixel/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105847", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-06T16:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105847", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9526", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105847", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105847" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9526", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0760
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 17:34
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0760", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0760", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:34:18.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10290
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98182 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.972Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98182", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98182" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98182", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98182" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98182", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98182" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10290", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6705
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94134 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94134", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94134" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94134", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94134" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6705", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94134", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94134" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6705", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8414
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96111 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96111", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96111" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96111", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96111" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96111", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96111" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8414", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13180
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 18:12
Severity ?
EPSS score ?
Summary
In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it\u0027s accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13180", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it\u0027s accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13180", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:12:49.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0774
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0774", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0774", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:56:35.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13298
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13298", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13298", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:03:09.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6768
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94704 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94704", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94704" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94704", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94704" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94704", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94704" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6768", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:38.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0633
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98223 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98223", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98223" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98223", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98223" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0633", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98223", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98223" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0633", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0724
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0724", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:56:46.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9362
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104461 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9362", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104461" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9362", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T03:23:18.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13196
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13196", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:47:27.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0831
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101775 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101775" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0831", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101775" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0831", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:16:41.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0461
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96743 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.223Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96743" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96743" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0461", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96743" }, { "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0461", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0462
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0462", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0735
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 19:01
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.202Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0735", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:01:11.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10287
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98167 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98167", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98167" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98167", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98167" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98167", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98167" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10287", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0807
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101190 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/bid/102131 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101190" }, { "name": "102131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101190" }, { "name": "102131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0807", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101190" }, { "name": "102131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102131" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0807", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:22:50.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0600
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-12T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0600", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0600", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13189
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13189", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13189", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:57:19.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0448
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96105 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0448", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96105" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0448", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0554
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97343 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.393Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97343", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97343" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97343", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97343" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0554", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97343", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97343" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0554", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6751
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94139 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6751", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94139" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6751", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0718
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 16:39
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0718", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:39:00.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0773
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0773", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0773", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:48:38.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9422
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.
References
▼ | URL | Tags |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html | mailing-list, x_refsource_MLIST | |
https://source.android.com/security/bulletin/2018-07-01 | x_refsource_CONFIRM | |
https://bugzilla.suse.com/show_bug.cgi?id=1102001&_ga=2.244341506.661832603.1561012452-1774095668.1553066022 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-07-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102001\u0026_ga=2.244341506.661832603.1561012452-1774095668.1553066022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-19T19:22:55", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-07-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102001\u0026_ga=2.244341506.661832603.1561012452-1774095668.1553066022" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "https://source.android.com/security/bulletin/2018-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-07-01" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102001\u0026_ga=2.244341506.661832603.1561012452-1774095668.1553066022", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102001\u0026_ga=2.244341506.661832603.1561012452-1774095668.1553066022" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9422", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T18:24:27.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0439
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0439", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0520
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96804 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd" }, { "name": "96804", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd" }, { "name": "96804", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96804" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd" }, { "name": "96804", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96804" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0520", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0617
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98190 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.795Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0617", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98190" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0617", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.795Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0746
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100213 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100213", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100213" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100213", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100213" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100213", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100213" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0746", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:36:28.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8465
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95242 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95242", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95242" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95242", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95242" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95242", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95242" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8465", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13205
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 02:52
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13205", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:52:57.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0830
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 00:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101775 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101775" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0830", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101775" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0830", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:11:54.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13240
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103011 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103011", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103011" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103011", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103011" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13240", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "103011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103011" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13240", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:11:53.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0381
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201702-21 | vendor-advisory, x_refsource_GENTOO | |
https://support.apple.com/HT208144 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95248 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1039427 | vdb-entry, x_refsource_SECTRACK | |
https://support.apple.com/HT208113 | x_refsource_CONFIRM | |
https://support.apple.com/HT208112 | x_refsource_CONFIRM | |
https://support.apple.com/HT208115 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "GLSA-201702-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-21" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7" }, { "name": "95248", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95248" }, { "name": "1039427", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039427" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208112" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208115" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-23T00:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "GLSA-201702-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-21" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7" }, { "name": "95248", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95248" }, { "name": "1039427", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039427" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208112" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208115" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "GLSA-201702-21", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-21" }, { "name": "https://support.apple.com/HT208144", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208144" }, { "name": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7" }, { "name": "95248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95248" }, { "name": "1039427", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039427" }, { "name": "https://support.apple.com/HT208113", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208113" }, { "name": "https://support.apple.com/HT208112", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208112" }, { "name": "https://support.apple.com/HT208115", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208115" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0381", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0429
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96070 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96070", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96070" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96070", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96070" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96070", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96070" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0429", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0596
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98130 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98130", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98130" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98130", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98130" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0596", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98130" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0596", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0637
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98868 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0637", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98868" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0637", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10282
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98159 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98159" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10282", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0846
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 16:33
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-0846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0846", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:33:50.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13173
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102108 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102108" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-09T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102108" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13173", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102108" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13173", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:13:41.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13279
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13279", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13279", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:17:37.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9359
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104461 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104461" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9359", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T03:13:53.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0503
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96726 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0503", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96726" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0503", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0845
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0845", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:13:02.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13183
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102421 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102421", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102421" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it\u0027s being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102421", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102421" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13183", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it\u0027s being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102421" }, { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13183", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:26:48.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9446
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.084Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9446", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T18:43:42.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0870
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 03:53
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102131 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102131" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0870", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:53:50.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8475
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95244 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95244", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95244" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95244", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95244" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95244" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8475", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9012
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 18:08
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9012", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9012", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T18:08:34.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0682
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0682", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0682", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:33:40.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13239
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103012 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13239", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103012" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13239", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:36:38.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8430
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95231 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95231" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8430", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0668
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99470 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.711Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "99470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99470" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0668", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T21:57:53.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8450
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95269 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95269", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95269" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95269", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95269" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95269" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8450", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0441
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0441", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6730
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94140" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6730", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0609
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98174 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98174" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98174" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0609", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98174" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0609", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13273
Vulnerability from cvelistv5
Published
2018-02-15 02:00
Modified
2024-09-17 01:17
Severity ?
EPSS score ?
Summary
In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T01:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-14T00:00:00", "ID": "CVE-2017-13273", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13273", "datePublished": "2018-02-15T02:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:17:07.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13253
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44291/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/103255 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44291", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44291/" }, { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "44291", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44291/" }, { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13253", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "44291", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44291/" }, { "name": "103255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103255" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13253", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:16:53.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13260
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44327/ | exploit, x_refsource_EXPLOIT-DB | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/44326/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13260", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "44327", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44327/" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13260", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:19:31.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8400
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94713 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "name": "94713", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94713" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "name": "94713", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94713" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8400", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "name": "94713", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94713" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8400", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0744
Vulnerability from cvelistv5
Published
2018-04-05 18:00
Modified
2024-09-17 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100210 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100210" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100210" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0744", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100210" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0744", "datePublished": "2018-04-05T18:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:14:30.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9576
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9576", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9576", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0411
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/41354/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96056 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "41354", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41354/" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "41354", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41354/" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0411", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "41354", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41354/" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96056" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0411", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0586
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97357 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97357", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97357" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97357", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97357" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0586", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97357", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97357" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0586", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0693
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 16:39
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0693", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0693", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:39:10.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13297
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 03:33
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13297", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13297", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:33:58.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6783
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94683 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.782Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94683" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94683" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94683" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6783", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.782Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13149
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13149", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13149", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:37:43.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9497
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libmpeg2/+/bef16671c891e16f25a7b174bc528eea109357be | x_refsource_MISC | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105481 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/bef16671c891e16f25a7b174bc528eea109357be" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105481" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/external/libmpeg2/+/bef16671c891e16f25a7b174bc528eea109357be" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105481" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libmpeg2/+/bef16671c891e16f25a7b174bc528eea109357be", "refsource": "MISC", "url": "https://android.googlesource.com/platform/external/libmpeg2/+/bef16671c891e16f25a7b174bc528eea109357be" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105481" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9497", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T23:46:20.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0528
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-33351919.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96807 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96807", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96807" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-33351919." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96807", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96807" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-33351919." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96807", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96807" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0528", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8481
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96053 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96053" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96053" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96053" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8481", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8406
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94686 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94686" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94686" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8406", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94686" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8406", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0517
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32372051. References: M-ALPS02973195.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96799 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96799", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96799" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32372051. References: M-ALPS02973195." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96799", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96799" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0517", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32372051. References: M-ALPS02973195." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96799", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96799" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0517", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13263
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13263", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13263", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:52:45.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6715
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94173 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94173", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94173" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user\u0027s permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94173", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94173" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user\u0027s permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94173", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94173" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6715", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0382
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95247 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95247", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95247" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95247", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95247" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95247", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95247" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0382", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13203
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13203", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:17:43.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8483
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96805 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96805", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96805" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96805", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96805" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8483", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "96805", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96805" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8483", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9473
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105481 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105481" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105481" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105481" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862", "refsource": "MISC", "url": "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9473", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T04:09:25.363Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0385
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95239 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95239", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95239", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0385", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95239", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95239" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0385", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.080Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0485
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33387820.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96733 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.756Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33387820." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33387820." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96733" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0485", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.756Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8397
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94714 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94714", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94714" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94714", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94714" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8397", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94714", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94714" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8397", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0393
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95230 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95230" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95230" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95230" }, { "name": "https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0393", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0574
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.547Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0574", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.547Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0791
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 18:17
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100655 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0791", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100655" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0791", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:17:55.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0498
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96793 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96793", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96793" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96793", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96793" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0498", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96793", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96793" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0498", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9569
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9569", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0629
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98212 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98212", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98212" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98212", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98212" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98212", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98212" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0629", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0402
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95226 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57" }, { "name": "95226", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" }, { "name": "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57" }, { "name": "95226", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95226" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0402", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0673
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0673", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:41:07.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13291
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 00:02
Severity ?
EPSS score ?
Summary
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13291", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:02:21.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0628
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98211 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98211", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98211" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98211", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98211" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0628", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98211", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98211" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0628", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13163
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 01:00
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13163", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:00:34.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6723
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94185 | vdb-entry, x_refsource_BID | |
https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94185", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94185" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-19T21:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94185", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94185" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94185", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94185" }, { "name": "https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/", "refsource": "MISC", "url": "https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6723", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0620
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98193 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98193" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-16T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98193" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0620", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98193" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0620", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13226
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 04:25
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13226", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13226", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T04:25:16.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8435
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95254 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95254", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95254" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95254", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95254" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95254", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95254" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8435", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8486
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 17:34
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96737 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-03-06T00:00:00", "ID": "CVE-2016-8486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8486", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-09-16T17:34:10.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0390
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95230 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95230" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95230" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95230" }, { "name": "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0390", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13258
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44327/ | exploit, x_refsource_EXPLOIT-DB | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/44326/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "44327", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44327/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13258", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "44327", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44327/" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "44326", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44326/" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13258", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:39:45.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0508
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96952 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96952", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96952", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96952" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0508", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96952", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96952" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0508", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0630
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98213 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98213", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98213" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98213", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98213" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0630", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98213", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98213" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0630", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0855
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 00:00
Severity ?
EPSS score ?
Summary
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-0855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0855", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:00:53.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0428
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96070 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96070", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96070" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96070", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96070" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96070", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96070" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0428", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0478
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://github.com/JiounDai/CVE-2017-0478 | x_refsource_MISC | |
http://www.securityfocus.com/bid/96762 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.011Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/JiounDai/CVE-2017-0478" }, { "name": "96762", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96762" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/JiounDai/CVE-2017-0478" }, { "name": "96762", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96762" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://github.com/JiounDai/CVE-2017-0478", "refsource": "MISC", "url": "https://github.com/JiounDai/CVE-2017-0478" }, { "name": "96762", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96762" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0478", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9537
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105865 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9537", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105865" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9537", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9575
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9575", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9492
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 22:31
Severity ?
EPSS score ?
Summary
In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105484 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/base/+/962fb40991f15be4f688d960aa00073683ebdd20 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/962fb40991f15be4f688d960aa00073683ebdd20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105484", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105484" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/962fb40991f15be4f688d960aa00073683ebdd20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105484" }, { "name": "https://android.googlesource.com/platform/frameworks/base/+/962fb40991f15be4f688d960aa00073683ebdd20", "refsource": "MISC", "url": "https://android.googlesource.com/platform/frameworks/base/+/962fb40991f15be4f688d960aa00073683ebdd20" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9492", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T22:31:12.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0488
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097213.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96733 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097213." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0488", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097213." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96733" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0488", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.518Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0755
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100650 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100650", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100650" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100650", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100650" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100650", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100650" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0755", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:14:38.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8425
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95231 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8425", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95231" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8425", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10291
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98183 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98183", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98183" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98183", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98183" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98183", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98183" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10291", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13160
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 02:56
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102109 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-09T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "102109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102109" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13160", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:56:41.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13288
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 16:59
Severity ?
EPSS score ?
Summary
In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13288", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:59:05.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9455
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9455", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9455", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T20:02:21.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8393
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94682 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94682", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94682" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94682", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94682" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94682" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8393", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9448
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9448", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9448", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T19:10:20.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13162
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102107 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102107", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102107" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102107", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102107" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102107" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13162", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:06:35.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8410
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94709 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94709", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94709" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94709", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94709" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94709", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94709" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8410", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13182
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 19:52
Severity ?
EPSS score ?
Summary
In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13182", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:52:15.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0500
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96726 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0500", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96726" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0500", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13301
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13301", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:06:42.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0521
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96951 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8" }, { "name": "96951", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96951" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8" }, { "name": "96951", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96951" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8" }, { "name": "96951", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96951" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0521", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8402
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94686 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94686" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94686" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94686" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8402", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0643
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98868 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0643", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0643", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0469
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0469", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0469", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0527
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96949 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96949", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96949", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96949" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0527", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96949", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96949" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0527", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0787
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 20:31
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100655 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0787", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100655" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0787", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:31:19.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9502
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 17:42
Severity ?
EPSS score ?
Summary
In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf%2C | x_refsource_MISC | |
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b | x_refsource_MISC | |
https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85%2C | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf%2C" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85%2C" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf%2C" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85%2C" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9502", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/92a7bf8c44a236607c146240f3c0adc1ae01fedf," }, { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/9fe27a9b445f7e911286ed31c1087ceac567736b" }, { "name": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85,", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/d4a34fefbf292d1e02336e4e272da3ef1e3eef85," } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9502", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T17:42:59.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0437
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0437", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0437", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6717
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94178 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94178", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94178" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94178", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94178" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94178", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94178" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6717", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0878
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 23:22
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0878", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0878", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:22:04.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0424
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96104 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96104", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96104" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96104", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96104" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0424", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96104", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96104" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0424", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0683
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0683", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:46:17.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6750
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94139 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94139" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6750", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0484
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96733 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0484", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96733" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0484", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0403
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402548.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95274 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95274", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95274" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402548." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95274", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95274" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0403", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402548." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95274", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95274" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0403", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9510
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9510", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9510", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T02:36:07.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0843
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0843", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:44:04.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0487
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33751193.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96733 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33751193." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33751193." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96733" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0487", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0559
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97352 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97352", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97352" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97352", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97352" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97352", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97352" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0559", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0794
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 04:24
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100667 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3798-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3798-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100667", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100667" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-30T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100667", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100667" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100667", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100667" }, { "name": "USN-3798-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0794", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T04:24:02.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0602
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98141 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98141", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98141" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98141", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98141" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98141", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98141" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0602", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6760
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94677 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94677" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6760", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94677" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6760", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8444
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95238 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95238", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95238" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95238", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95238" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95238" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8444", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0497
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96795 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96795", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96795" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96795", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96795" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96795", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96795" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0497", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0819
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 20:03
Severity ?
EPSS score ?
Summary
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101151 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libhevc/+/87fb7909c49e6a4510ba86ace1ffc83459c7e1b9 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/87fb7909c49e6a4510ba86ace1ffc83459c7e1b9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/87fb7909c49e6a4510ba86ace1ffc83459c7e1b9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0819", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101151" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/87fb7909c49e6a4510ba86ace1ffc83459c7e1b9", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/87fb7909c49e6a4510ba86ace1ffc83459c7e1b9" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0819", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:03:11.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0479
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32707507.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96958 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96958", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96958" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32707507." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96958", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96958" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32707507." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96958", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96958" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0479", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8401
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94686 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94686" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94686" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94686" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8401", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0675
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 17:23
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0675", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:23:47.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6735
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94140" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6735", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8478
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96734 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96734" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96734" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8478", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0762
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0762", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:17:37.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6704
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30229821.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94134 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94134", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94134" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30229821." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-12T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94134", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94134" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6704", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30229821." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94134", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94134" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6704", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0549
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97336 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97336", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97336" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97336", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97336" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "97336", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97336" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0549", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0644
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98868 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0644", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0417
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96055 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.149Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96055" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0417", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9488
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 01:50
Severity ?
EPSS score ?
Summary
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-09-01 | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/45379/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-09-01" }, { "name": "45379", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45379/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-09-01" }, { "name": "45379", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45379/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9488", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-09-01" }, { "name": "45379", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45379/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9488", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T01:50:46.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0865
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0865", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:40:26.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0627
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3674-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3674-2/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/98205 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "98205", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98205" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "98205", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98205" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0627", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3674-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "USN-3674-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "98205", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98205" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0627", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8426
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95231 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8426", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95231" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8426", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8468
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95285 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95285", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95285" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95285", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95285" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95285" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8468", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0669
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 03:27
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99470 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "99470", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "99470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99470" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0669", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:27:50.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0638
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98872 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98872", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98872" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98872", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98872" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0638", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98872", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98872" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0638", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13200
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13200", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:15:29.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13158
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102109 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-09T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13158", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "102109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102109" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13158", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:26:48.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0541
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://github.com/JiounDai/CVE-2017-0541 | x_refsource_MISC | |
https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97330 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/JiounDai/CVE-2017-0541" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/JiounDai/CVE-2017-0541" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0541", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://github.com/JiounDai/CVE-2017-0541", "refsource": "MISC", "url": "https://github.com/JiounDai/CVE-2017-0541" }, { "name": "https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978" }, { "name": "97330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0541", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8409
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94691 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94691", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94691" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94691", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94691" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8409", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94691", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94691" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8409", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6710
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94170 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94170" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94170" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94170" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6710", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0799
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0799", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:56:31.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0616
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98189 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98189", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98189" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98189", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98189" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0616", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98189", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98189" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0616", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0686
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0686", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0686", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:28:33.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13270
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 00:20
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13270", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13270", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:20:59.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13302
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 03:47
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13302", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:47:42.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0663
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-3952 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/98877 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201711-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK | |
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "DSA-3952", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3952" }, { "name": "98877", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98877" }, { "name": "GLSA-201711-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-01" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T14:06:13", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "DSA-3952", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3952" }, { "name": "98877", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98877" }, { "name": "GLSA-201711-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-01" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "DSA-3952", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3952" }, { "name": "98877", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98877" }, { "name": "GLSA-201711-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-01" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0663", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0680
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 17:44
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0680", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0680", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:44:17.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10234
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 16:22
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97365 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97365", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97365" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97365", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97365" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2016-10234", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "97365", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97365" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10234", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T16:22:37.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0822
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0822", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0822", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:56:25.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6728
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94202 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.4 Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94202", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94202" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.4" }, { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94202", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94202" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.4" }, { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94202" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6728", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0456
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33106520. References: QC-CR#1099598.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96947 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96947", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96947" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33106520. References: QC-CR#1099598." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96947", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96947" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0456", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33106520. References: QC-CR#1099598." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96947" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0456", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13248
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103255 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13248", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "103255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103255" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13248", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:24:58.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9556
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9556", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9453
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9453", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T20:22:01.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9909
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 14:02
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94685 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94685" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-19T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94685" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2014-9909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94685" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9909", "datePublished": "2017-01-18T17:00:00", "dateReserved": "2016-10-28T00:00:00", "dateUpdated": "2024-08-06T14:02:37.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9437
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 00:35
Severity ?
EPSS score ?
Summary
In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9437", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9437", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T00:35:36.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9499
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 03:52
Severity ?
EPSS score ?
Summary
In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105481 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105481" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105481" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105481" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1", "refsource": "MISC", "url": "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9499", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T03:52:44.757Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9358
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104461 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104461" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9358", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T00:06:26.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0567
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0567", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0567", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0758
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0758", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0758", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:45:24.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0728
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 02:32
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0728", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:32:18.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0725
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0725", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0725", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:36:40.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8464
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95242 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95242", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95242" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95242", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95242" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95242", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95242" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8464", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9458
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 00:36
Severity ?
EPSS score ?
Summary
In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user\u0027s keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user\u0027s keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9458", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T00:36:26.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0457
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31695439. References: QC-CR#1086123, QC-CR#1100695.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96803 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96803", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96803" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31695439. References: QC-CR#1086123, QC-CR#1100695." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96803", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96803" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31695439. References: QC-CR#1086123, QC-CR#1100695." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96803", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96803" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0457", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0464
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96735 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f" }, { "name": "96735", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f" }, { "name": "96735", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f" }, { "name": "96735", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96735" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0464", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0539
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97330 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0539", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254" }, { "name": "97330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0539", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9580
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9580", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9580", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6731
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94140" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6731", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0546
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97341 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97341", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97341" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97341", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97341" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0546", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97341", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97341" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0546", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0692
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0692", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0692", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:06:56.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0751
Vulnerability from cvelistv5
Published
2018-04-05 18:00
Modified
2024-09-17 00:25
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100210 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100210" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100210" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0751", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100210" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0751", "datePublished": "2018-04-05T18:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:25:59.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8488
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 03:12
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96737 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:27:39.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-03-06T00:00:00", "ID": "CVE-2016-8488", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8488", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-09-17T03:12:26.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13214
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:44
Severity ?
EPSS score ?
Summary
In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102416 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102416", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102416" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102416", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102416" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13214", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102416", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102416" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13214", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:44:10.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6776
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94674 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94674" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94674" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94674" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6776", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13148
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13148", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13148", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:11:45.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8439
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8439", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0475
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96716 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96716", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96716" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96716", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96716" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96716", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96716" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0475", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13185
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 03:58
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13185", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:58:35.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8415
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95260 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95260", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95260", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95260" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95260", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95260" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8415", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13267
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 22:01
Severity ?
EPSS score ?
Summary
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13267", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:01:57.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0463
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33277611. References: QC-CR#1101792.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96948 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96948", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96948" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33277611. References: QC-CR#1101792." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96948", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96948" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33277611. References: QC-CR#1101792." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96948" }, { "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0463", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0788
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100655 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100655" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0788", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:33:57.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0612
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98231 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98231" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98231" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0612", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98231" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0612", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0775
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 02:00
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.100Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0775", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:00:57.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0834
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 02:02
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0834", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0834", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:02:07.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9357
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 17:07
Severity ?
EPSS score ?
Summary
In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104461 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:51.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104461" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9357", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T17:07:46.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9531
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105865 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "105865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105865" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9531", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0803
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0803", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:37:28.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13193
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 16:49
Severity ?
EPSS score ?
Summary
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13193", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:49:17.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9559
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9559", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0613
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98186 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98186", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98186", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0613", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98186", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98186" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0613", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6703
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94161 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94161", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94161" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94161", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94161" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "94161", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94161" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6703", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13306
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.072Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13306", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13306", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:46:38.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0740
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100217 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100217", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100217" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100217", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100217" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100217", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100217" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0740", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:27:23.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8407
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94686 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94686" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94686" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94686" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8407", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13238
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103024 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103024", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103024" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-16T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103024", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103024" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "103024", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103024" }, { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13238", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:51:23.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0470
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0470", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0470", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0642
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98868 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Android-5.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2 Android-5.1.1" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0642", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2 Android-5.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98868" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0642", "datePublished": "2017-06-14T13:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:28:07.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13294
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13294", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:36:42.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0876
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 17:37
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0876", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0876", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:37:36.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0851
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 20:07
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0851", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:07:31.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8455
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95240 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95240" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95240" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8455", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95240" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8455", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0798
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 19:46
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0798", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0798", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:46:52.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0435
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96053 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96053" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96053" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96053" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0435", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6737
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94202 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94202", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94202" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94202", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94202" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94202" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6737", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8427
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95231 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95231" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8427", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0640
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98868 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0640", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98868" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0640", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6733
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94140" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6733", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0840
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 19:51
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0840", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:51:15.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8485
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96737 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-03-06T00:00:00", "ID": "CVE-2016-8485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "96737", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96737" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8485", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-09-17T02:41:46.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9451
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 22:01
Severity ?
EPSS score ?
Summary
In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9451", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T22:01:52.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13201
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 02:05
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102529 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102529", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102529", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102529", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102529" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13201", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:05:52.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9511
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9511", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9511", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T16:58:51.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13304
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 03:18
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13304", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:18:07.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0392
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95230 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:56.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95230" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95230" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95230", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95230" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0392", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:56.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8432
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95236 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95236", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95236" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95236", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95236" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8432", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95236", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95236" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8432", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0458
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96951 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4" }, { "name": "96951", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96951" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4" }, { "name": "96951", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96951" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4" }, { "name": "96951", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96951" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0458", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8412
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95238 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95238", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95238" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95238", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95238" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8412", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95238" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8412", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0839
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0839", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:11:41.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6714
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "94137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94137" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6714", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0863
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 16:27
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0863", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:27:45.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8460
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95249 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95249", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95249" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95249", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95249" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95249", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95249" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8460", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0829
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 21:02
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0829", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T21:02:34.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13220
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 21:58
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.
References
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4187 | vendor-advisory, x_refsource_DEBIAN | |
https://security-tracker.debian.org/tracker/CVE-2017-13220 | x_refsource_CONFIRM | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a | x_refsource_CONFIRM | |
https://bugzilla.suse.com/show_bug.cgi?id=1076537 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1536155 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3655-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3655-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-13220" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3655-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-30T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2017-13220" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html" }, { "name": "USN-3655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3655-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13220", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2017-13220", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2017-13220" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1076537", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html", "refsource": "CONFIRM", "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html" }, { "name": "USN-3655-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-1/" }, { "name": "USN-3655-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13220", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T21:58:00.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8437
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Input Validation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8437", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8437", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0465
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98184 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98184", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98184" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98184", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98184" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98184", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98184" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0465", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8470
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95235 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95235" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8470", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95235" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8470", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10295
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://www.codeaurora.org/possible-kernel-information-leak-qpnp-flash-led-driver-debugfs-function-cve-2016-10295 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.843Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.codeaurora.org/possible-kernel-information-leak-qpnp-flash-led-driver-debugfs-function-cve-2016-10295" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-23T02:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.codeaurora.org/possible-kernel-information-leak-qpnp-flash-led-driver-debugfs-function-cve-2016-10295" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10295", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://www.codeaurora.org/possible-kernel-information-leak-qpnp-flash-led-driver-debugfs-function-cve-2016-10295", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/possible-kernel-information-leak-qpnp-flash-led-driver-debugfs-function-cve-2016-10295" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10295", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0543
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97330 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f" }, { "name": "97330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0543", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0476
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96756 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96756", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96756" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96756", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96756" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96756", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96756" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0476", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0412
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/41355/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96056 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "41355", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41355/" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "41355", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41355/" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0412", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "41355", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41355/" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96056", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96056" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0412", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0777
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0777", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:08:53.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0862
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-17 00:35
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.435Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0862", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0862", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:35:42.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0545
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97346 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97346", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97346" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97346", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97346" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97346" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0545", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0711
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99466 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99466", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99466" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99466", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99466" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99466", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99466" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0711", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:11:06.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8420
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8420", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13282
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 03:34
Severity ?
EPSS score ?
Summary
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13282", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:34:19.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0397
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95232 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95232", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95232" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95232", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95232" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0397", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95232", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95232" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0397", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10277
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98149 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/42601/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.908Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98149", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98149" }, { "name": "42601", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42601/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98149", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98149" }, { "name": "42601", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42601/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10277", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98149", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98149" }, { "name": "42601", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42601/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10277", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9009
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:36:31.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2015-9009", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2015-9009", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T23:15:41.752Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9513
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105483 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105483", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105483" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105483", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105483" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9513", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105483" }, { "name": "https://source.android.com/security/bulletin/2018-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9513", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T01:51:35.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0610
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98255 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98255" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98255" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0610", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98255" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0610", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0836
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0836", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0836", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:13:26.548Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6746
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94209 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94209", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94209", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94209" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6746", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13172
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13172", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13172", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:30:28.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0538
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97330 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8" }, { "name": "97330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0538", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8" }, { "name": "97330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97330" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0538", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8473
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95233 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95233", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95233" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95233", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95233" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95233", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95233" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8473", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0738
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0738", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0738", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:16:45.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13285
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13285", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:37:05.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0563
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2017/May/19 | x_refsource_MISC | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97342 | vdb-entry, x_refsource_BID | |
https://alephsecurity.com/vulns/aleph-2017009 | x_refsource_MISC | |
https://github.com/alephsecurity/PoCs/tree/master/CVE-2017-0563 | x_refsource_MISC | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2017/May/19" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97342", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97342" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://alephsecurity.com/vulns/aleph-2017009" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/alephsecurity/PoCs/tree/master/CVE-2017-0563" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2017/May/19" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97342", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97342" }, { "tags": [ "x_refsource_MISC" ], "url": "https://alephsecurity.com/vulns/aleph-2017009" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/alephsecurity/PoCs/tree/master/CVE-2017-0563" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0563", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "http://seclists.org/fulldisclosure/2017/May/19", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/May/19" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97342", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97342" }, { "name": "https://alephsecurity.com/vulns/aleph-2017009", "refsource": "MISC", "url": "https://alephsecurity.com/vulns/aleph-2017009" }, { "name": "https://github.com/alephsecurity/PoCs/tree/master/CVE-2017-0563", "refsource": "MISC", "url": "https://github.com/alephsecurity/PoCs/tree/master/CVE-2017-0563" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0563", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9356
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104461 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104461" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9356", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T19:25:38.547Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0432
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96067 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.179Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96067", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96067", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0432", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96067", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96067" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0432", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9522
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105848 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105848", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105848" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105848", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105848" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9522", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105848", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105848" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9522", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9554
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.100Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9554", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "106137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106137" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9554", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13164
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13164", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13164", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:56:42.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9498
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/skia/+/77c955200ddd1761d6ed7a6c1578349fedbb55e4 | x_refsource_MISC | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105481 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/skia/+/77c955200ddd1761d6ed7a6c1578349fedbb55e4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105481" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/external/skia/+/77c955200ddd1761d6ed7a6c1578349fedbb55e4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105481" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9498", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/skia/+/77c955200ddd1761d6ed7a6c1578349fedbb55e4", "refsource": "MISC", "url": "https://android.googlesource.com/platform/external/skia/+/77c955200ddd1761d6ed7a6c1578349fedbb55e4" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105481" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9498", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T00:21:56.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0406
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96046 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96046" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96046" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0406", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96046" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0406", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0394
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95255 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95255" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95255" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95255" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0394", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0427
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96071 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96071", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96071" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96071", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96071" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96071", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96071" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0427", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0719
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 16:12
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0719", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:12:40.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0737
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3692-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "name": "USN-3692-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3692-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-27T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "name": "USN-3692-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3692-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "USN-3692-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3692-2/" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0737", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:14:41.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0871
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102131 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0871", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102131" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0871", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:06:32.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13242
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 21:56
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103014 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103014", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103014" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103014", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103014" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "103014", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103014" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13242", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T21:56:46.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0550
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97336 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97336", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97336" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97336", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97336" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "97336", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97336" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0550", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13236
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/43996/ | exploit, x_refsource_EXPLOIT-DB | |
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102979 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43996", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43996/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102979", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102979" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "43996", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43996/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102979", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102979" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13236", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "43996", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43996/" }, { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102979", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102979" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13236", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:36:16.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9953
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 23:26
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98874 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:37.223Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-06-05T00:00:00", "ID": "CVE-2014-9953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "98874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98874" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2014-9953", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-09-16T23:26:21.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13275
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 16:14
Severity ?
EPSS score ?
Summary
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13275", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13275", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:14:14.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9505
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9505", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9505", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T19:10:01.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0623
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98199 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98199", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98199" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98199", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98199" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0623", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98199", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98199" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0623", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0705
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.
References
▼ | URL | Tags |
---|---|---|
https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-0705.c | x_refsource_MISC | |
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99482 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-0705.c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99482" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-06T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-0705.c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99482" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0705", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-0705.c", "refsource": "MISC", "url": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-0705.c" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99482" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0705", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:13:37.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0852
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0852", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T21:57:44.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13259
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 16:37
Severity ?
EPSS score ?
Summary
In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13259", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13259", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:37:59.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0389
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95251 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:56.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95251", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95251" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95251", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95251" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95251", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95251" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0389", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:56.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13209
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:17
Severity ?
EPSS score ?
Summary
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102415 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
https://www.exploit-db.com/exploits/43513/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "43513", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43513/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "43513", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43513/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13209", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102415", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102415" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "43513", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43513/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13209", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:17:48.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6425
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97362 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:25:49.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97362", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97362" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97362", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97362" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2017-6425", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97362", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97362" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-6425", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T20:42:47.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13221
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:19
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13221", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13221", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:19:01.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9465
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9465", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T23:41:04.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0824
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 22:35
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.418Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0824", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:35:33.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10230
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 19:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97400 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.844Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97400", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97400" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97400", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97400" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2016-10230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97400" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10230", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T19:46:44.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10283
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
https://www.codeaurora.org/stack-overflow-wifi-driver-function-wlanhddchangestation-cve-2016-10283 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98160 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.codeaurora.org/stack-overflow-wifi-driver-function-wlanhddchangestation-cve-2016-10283" }, { "name": "98160", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-23T02:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.codeaurora.org/stack-overflow-wifi-driver-function-wlanhddchangestation-cve-2016-10283" }, { "name": "98160", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "https://www.codeaurora.org/stack-overflow-wifi-driver-function-wlanhddchangestation-cve-2016-10283", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/stack-overflow-wifi-driver-function-wlanhddchangestation-cve-2016-10283" }, { "name": "98160", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98160" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10283", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0414
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96063 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96063", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96063" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96063", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96063" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96063", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96063" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0414", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0815
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101088 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" }, { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101088" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0815", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:17:45.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6709
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94169 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94169", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94169" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94169", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94169" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6709", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94169", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94169" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6709", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0857
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0857", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:39:29.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0449
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96110 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96110", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96110" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96110", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96110" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96110", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96110" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0449", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0506
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32276718. References: M-ALPS03006904.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96726 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32276718. References: M-ALPS03006904." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0506", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32276718. References: M-ALPS03006904." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96726" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0506", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13269
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 02:46
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T16:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13269", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13269", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:46:55.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0472
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0472", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6762
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94700 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94700", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94700" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94700", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94700" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94700", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94700" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6762", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9538
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9538", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "106137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106137" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9538", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13216
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102390 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/43464/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102390", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "43464", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43464/" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102390", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "43464", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43464/" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13216", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102390" }, { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "43464", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43464/" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13216", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T20:32:01.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9529
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9529", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9476
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9476", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T02:11:01.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0811
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libhevc/+/25c0ffbe6a181b4a373c3c9b421ea449d457e6ed | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101088 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/25c0ffbe6a181b4a373c3c9b421ea449d457e6ed" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/25c0ffbe6a181b4a373c3c9b421ea449d457e6ed" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0811", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libhevc/+/25c0ffbe6a181b4a373c3c9b421ea449d457e6ed", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/25c0ffbe6a181b4a373c3c9b421ea449d457e6ed" }, { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" }, { "name": "101088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101088" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0811", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:42:08.660Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0443
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.149Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0443", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8456
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95240 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95240" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95240" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8456", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95240" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8456", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0526
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33897738.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96949 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96949", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33897738." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96949", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96949" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0526", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33897738." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96949", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96949" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0526", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0848
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0848", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0848", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:06:36.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9507
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-17 02:31
Severity ?
EPSS score ?
Summary
In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9 | x_refsource_MISC | |
http://www.securityfocus.com/bid/105482 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9" }, { "name": "105482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105482" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9507", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9" }, { "name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482" }, { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9507", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T02:31:54.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0723
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0723", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:21:07.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13235
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 23:25
Severity ?
EPSS score ?
Summary
A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-12T18:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13235", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13235", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:25:46.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0584
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97363 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97363", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97363" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97363", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97363" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0584", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97363", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97363" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0584", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0742
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100209 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100209", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100209", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100209" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0742", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:57:35.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0761
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0761", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:46:49.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0552
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97336 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97336", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97336" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97336", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97336" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "97336", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97336" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0552", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10286
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98165 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98165", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98165", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10286", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98165", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98165" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10286", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8447
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95229 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8447", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95229", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95229" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8447", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9457
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105845 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105845", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105845" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105845", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105845" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105845", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105845" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9457", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:54.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0827
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-17 00:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/101120 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101120", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "101120", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "101120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101120" }, { "name": "https://source.android.com/security/bulletin/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0827", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:36:19.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0452
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96836 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96836", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96836" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96836", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96836" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96836", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96836" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0452", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0720
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 01:41
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.085Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0720", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0720", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:41:01.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9552
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "106137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106137" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9552", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6755
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94676 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.894Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94676", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94676" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94676", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94676" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94676", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94676" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6755", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0450
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96109 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96109", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96109", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96109" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0450", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6698
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30741851. References: Qualcomm QC-CR#1058826.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94139 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30741851. References: Qualcomm QC-CR#1058826." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30741851. References: Qualcomm QC-CR#1058826." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94139" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6698", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0704
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99472 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99472" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99472" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0704", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99472", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99472" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0704", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:23:02.788Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0769
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0769", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:35:32.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8433
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8433", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0808
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/libcore/+/809681f310663288e83587089abb7715c68f6924 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101190 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.222Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/libcore/+/809681f310663288e83587089abb7715c68f6924" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/libcore/+/809681f310663288e83587089abb7715c68f6924" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/libcore/+/809681f310663288e83587089abb7715c68f6924", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/libcore/+/809681f310663288e83587089abb7715c68f6924" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101190" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0808", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:56:08.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0510
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555.
References
▼ | URL | Tags |
---|---|---|
https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/ | x_refsource_MISC | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96800 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96800", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96800" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96800", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96800" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0510", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/", "refsource": "MISC", "url": "https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96800", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96800" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0510", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0570
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0570", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13199
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 18:08
Severity ?
EPSS score ?
Summary
In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13199", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13199", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:08:02.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9496
Vulnerability from cvelistv5
Published
2018-10-02 19:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-10-01%2C | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105481 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:54.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105481" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9.0" } ] } ], "datePublic": "2018-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-10-01%2C" }, { "name": "105481", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105481" }, { "tags": [ "x_refsource_MISC" ], "url": "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9496", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01," }, { "name": "105481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105481" }, { "name": "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c", "refsource": "MISC", "url": "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9496", "datePublished": "2018-10-02T19:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T23:30:21.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0748
Vulnerability from cvelistv5
Published
2018-04-05 18:00
Modified
2024-09-16 22:51
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100210 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100210" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100210" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0748", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" }, { "name": "100210", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100210" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0748", "datePublished": "2018-04-05T18:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:51:03.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9574
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9574", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9542
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105849 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105849" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9542", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0772
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 02:47
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0772", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0772", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:47:59.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8476
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8476", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0494
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32764144.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96789 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96789", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96789" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32764144." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96789", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96789" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32764144." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96789" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0494", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13229
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103016 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103016", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103016" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103016", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103016" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13229", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103016", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103016" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13229", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:46:37.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0477
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96760 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.752Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96760", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96760" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96760", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96760" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "96760", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96760" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0477", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.752Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0555
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97332 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0" }, { "name": "97332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0555", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0" }, { "name": "97332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97332" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0555", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6725
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94182 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94182", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94182" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94182", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94182" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6725", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "94182", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94182" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6725", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0408
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96092 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96092", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96092" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96092", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96092" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "96092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96092" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0408", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0727
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 01:01
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0727", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T01:01:53.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8436
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95259 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95259", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95259" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95259", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95259" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8436", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95259" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8436", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9347
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105844 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105844", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105844" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105844", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105844" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9347", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "105844", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105844" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9347", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:17:52.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0847
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 23:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0847", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0847", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:20:21.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0522
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process. Product: Android. Versions: N/A. Android ID: A-32916158. References: M-ALPS03032516.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96798 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.005Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96798", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96798" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process. Product: Android. Versions: N/A. Android ID: A-32916158. References: M-ALPS03032516." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96798", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96798" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0522", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process. Product: Android. Versions: N/A. Android ID: A-32916158. References: M-ALPS03032516." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96798", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96798" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0522", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.005Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8428
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95231 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95231" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8428", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8463
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95245 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95245", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95245" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95245", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95245" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95245", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95245" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8463", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0872
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0872", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0872", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:25:50.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0706
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 20:38
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99482 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99482", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99482" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99482", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99482" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99482" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0706", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:38:02.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0770
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 00:41
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0770", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T00:41:34.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9544
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105849 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105849" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9544", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9361
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 16:18
Severity ?
EPSS score ?
Summary
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-06-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104461 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-06-01" }, { "name": "104461", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104461" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9361", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T16:18:55.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13255
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103253 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" }, { "name": "103253", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103253" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13255", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:37:32.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6747
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94212 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94212", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94212" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94212", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94212" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6747", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94212", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94212" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6747", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0813
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101151 | vdb-entry, x_refsource_BID | |
https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-06T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101151" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0813", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" }, { "name": "101151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101151" }, { "name": "https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0813", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:18:04.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13280
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13280", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13280", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:11:04.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13156
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102109 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/155189/Android-Janus-APK-Signature-Bypass.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155189/Android-Janus-APK-Signature-Bypass.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-07T16:06:40", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155189/Android-Janus-APK-Signature-Bypass.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102109" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "http://packetstormsecurity.com/files/155189/Android-Janus-APK-Signature-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155189/Android-Janus-APK-Signature-Bypass.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13156", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:36:41.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0436
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96053 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96053" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96053" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0436", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96053", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96053" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0436", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8422
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95241 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95241", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95241", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95241" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8422", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13246
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-17 00:10
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103029 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103029", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-16T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103029", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" }, { "name": "103029", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103029" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13246", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:10:44.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0828
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0828", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0828", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:03:48.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0619
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98192 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98192", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98192" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-19T09:57:02", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98192", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98192" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0619", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98192", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98192" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0619", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13154
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 17:07
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13154", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:07:57.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13217
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102423 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102423", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102423" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it\u0027s null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102423", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102423" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13217", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it\u0027s null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102423", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102423" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13217", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:09:18.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0764
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 20:01
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0764", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:01:29.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10232
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97339 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2016-10232", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97339" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10232", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-16T19:24:40.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10231
Vulnerability from cvelistv5
Published
2018-04-04 18:00
Modified
2024-09-17 00:30
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97402 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97402", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97402" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97402", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97402" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-04-03T00:00:00", "ID": "CVE-2016-10231", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97402", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97402" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10231", "datePublished": "2018-04-04T18:00:00Z", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-09-17T00:30:38.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0801
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100652 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0801", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "100652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100652" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0801", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:24:35.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13250
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-16 23:55
Severity ?
EPSS score ?
Summary
In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103255 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13250", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "103255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103255" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13250", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T23:55:41.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8405
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94686 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3791 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94686" }, { "name": "DSA-3791", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3791" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94686" }, { "name": "DSA-3791", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3791" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8405", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94686" }, { "name": "DSA-3791", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3791" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8405", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0631
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98216 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98216", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98216" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98216", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98216" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0631", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98216", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98216" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0631", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0537
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96831 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96831", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96831" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96831", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96831" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0537", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96831", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96831" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0537", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6773
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94707 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94707", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94707" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94707", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94707" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6773", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94707", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94707" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6773", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0516
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32341680. References: QC-CR#1096301.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96802 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96802", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96802" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32341680. References: QC-CR#1096301." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96802", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96802" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0516", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32341680. References: QC-CR#1096301." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96802" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0516", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0837
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 22:35
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0837", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0837", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T22:35:22.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13186
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 16:24
Severity ?
EPSS score ?
Summary
A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13186", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13186", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T16:24:06.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0635
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.
References
▼ | URL | Tags |
---|---|---|
https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441 | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-12T14:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0635", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0635", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10292
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.908Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-10292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "98204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98204" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-10292", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2017-03-28T00:00:00", "dateUpdated": "2024-08-06T03:14:42.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6738
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#1050538.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94208 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94208", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94208" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#1050538." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94208", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94208" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6738", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#1050538." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94208", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94208" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6738", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0445
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96054 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96054", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96054", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0445", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96054", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96054" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0445", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0621
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98196 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98196", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98196" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98196", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98196" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0621", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98196", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98196" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0621", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9436
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1041432 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9436", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-08-01" }, { "name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9436", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T02:16:39.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0421
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96096 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96096", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96096" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96096", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96096" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "96096", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96096" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0421", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13192
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 18:59
Severity ?
EPSS score ?
Summary
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/102414 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13192", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "102414", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102414" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13192", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:59:12.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6775
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94674 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94674" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94674" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94674" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6775", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0518
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. References: QC-CR#1086530.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96950 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. References: QC-CR#1086530." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96950" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. References: QC-CR#1086530." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96950" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0518", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13187
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 00:02
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13187", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:02:26.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9539
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105865 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9539", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105865" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9539", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6753
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94147 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.658Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94147" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94147" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94147" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6753", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13296
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-16 18:19
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13296", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13296", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:19:42.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0524
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96808 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96808", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96808" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96808", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96808" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0524", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96808", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96808" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0524", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0608
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98172 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98172", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98172" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98172", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98172" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0608", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98172", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98172" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0608", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0386
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95256 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95256", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95256" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95256", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95256" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95256", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95256" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0386", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9532
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9532", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0825
Vulnerability from cvelistv5
Published
2017-10-03 21:00
Modified
2024-09-16 16:47
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-10-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-0825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0825", "datePublished": "2017-10-03T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:47:48.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0672
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.781Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0672", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0672", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:03:56.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6754
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/40846/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/94204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40846", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40846/" }, { "name": "94204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T21:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "40846", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40846/" }, { "name": "94204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6754", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "40846", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40846/" }, { "name": "94204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94204" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6754", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8418
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96058 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96058", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96058" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96058", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96058" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8418", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96058", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96058" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8418", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0501
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96726 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96726" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0501", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0698
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 16:33
Severity ?
EPSS score ?
Summary
A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0698", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:33:46.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6724
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94180 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94180", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94180", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "94180", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94180" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6724", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8480
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96101 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96101", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96101" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96101", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96101" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8480", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96101", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96101" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8480", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0388
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95252 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95252", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95252" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95252", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95252" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95252", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95252" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0388", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0580
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97335 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97335" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97335" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0580", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97335" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0580", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13165
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.689Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13165", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13165", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T19:10:48.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9541
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105849 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9541", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105849" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9541", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9573
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9573", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3904
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94210 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:10:31.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94210", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94210" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94210", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94210" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-3904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94210", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94210" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-3904", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-03-30T00:00:00", "dateUpdated": "2024-08-06T00:10:31.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0771
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100649 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.007Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0771", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "100649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100649" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0771", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:30:45.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0459
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96743 | vdb-entry, x_refsource_BID | |
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18&id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96743" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18\u0026id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96743" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18\u0026id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96743" }, { "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18\u0026id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18\u0026id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0459", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0529
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96810 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96810", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96810" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96810", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96810" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96810" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0529", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6767
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94688 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94688" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6767", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "94688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94688" }, { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6767", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:43:37.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0454
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97399 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97399", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97399" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97399", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97399" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0454", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97399", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97399" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0454", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0426
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96099 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96099", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96099" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96099", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96099" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0426", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96099", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96099" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0426", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8395
Vulnerability from cvelistv5
Published
2017-01-12 15:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-12-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94710 | vdb-entry, x_refsource_BID | |
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94710", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94710" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T17:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94710", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94710" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-12-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-12-01.html" }, { "name": "94710", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94710" }, { "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8395", "datePublished": "2017-01-12T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13295
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:19.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13295", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13295", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T01:36:09.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0387
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95258 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:56.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95258", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95258" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95258", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95258" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95258", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95258" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0387", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:56.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8441
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95227 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95227" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8441", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0604
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98151 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98151", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98151" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98151", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98151" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0604", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "98151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98151" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0604", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0471
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0471", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0833
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-11-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0833", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "101717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0833", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T23:06:47.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9517
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-09-01 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3932-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3932-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2019:2043 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:2029 | vendor-advisory, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android Kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "USN-3932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3932-1/" }, { "name": "USN-3932-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3932-2/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android Kernel" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T16:06:24", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "USN-3932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3932-1/" }, { "name": "USN-3932-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3932-2/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9517", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android Kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "USN-3932-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3932-1/" }, { "name": "USN-3932-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3932-2/" }, { "name": "RHSA-2019:2043", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9517", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9527
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105865 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9527", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "105865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105865" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9527", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9560
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9560", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13251
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 03:33
Severity ?
EPSS score ?
Summary
In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103255 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13251", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "103255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103255" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13251", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:33:37.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0688
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99478 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:04.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "99478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99478" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0688", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T19:41:12.155Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9555
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106147 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.908Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-11T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9555", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "106147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106147" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9555", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0407
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96046 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.141Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96046" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96046" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96046" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0407", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13207
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:38
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102526 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13207", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102526" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13207", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:38:18.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0562
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97345 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97345", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97345" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97345", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97345" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0562", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "97345", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97345" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0562", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13159
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 22:51
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102109 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-09T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102109", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "102109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102109" }, { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13159", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T22:51:28.056Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13249
Vulnerability from cvelistv5
Published
2018-04-04 17:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/103255 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-03-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-05T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "103255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-03-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2017-13249", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "103255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103255" }, { "name": "https://source.android.com/security/bulletin/2018-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-03-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13249", "datePublished": "2018-04-04T17:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:17:42.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9548
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106067 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106067", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106067", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "106067", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106067" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9548", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0849
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 18:23
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0849", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:23:20.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9516
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-16 17:09
Severity ?
EPSS score ?
Summary
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.
References
▼ | URL | Tags |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3871-5/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3871-4/ | vendor-advisory, x_refsource_UBUNTU | |
https://source.android.com/security/bulletin/pixel/2018-09-01 | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4308 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3871-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3871-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2019:2043 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:2029 | vendor-advisory, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3871-5", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3871-5/" }, { "name": "USN-3871-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3871-4/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "USN-3871-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3871-1/" }, { "name": "USN-3871-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3871-3/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T16:06:24", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3871-5", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3871-5/" }, { "name": "USN-3871-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3871-4/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "USN-3871-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3871-1/" }, { "name": "USN-3871-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3871-3/" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9516", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3871-5", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-5/" }, { "name": "USN-3871-4", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-4/" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" }, { "name": "DSA-4308", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "USN-3871-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-1/" }, { "name": "USN-3871-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-3/" }, { "name": "RHSA-2019:2043", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9516", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-16T17:09:12.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9519
Vulnerability from cvelistv5
Published
2018-12-07 23:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-09-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android Kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android Kernel" } ] } ], "datePublic": "2018-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android Kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-09-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9519", "datePublished": "2018-12-07T23:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13292
Vulnerability from cvelistv5
Published
2018-04-04 16:00
Modified
2024-09-17 02:07
Severity ?
EPSS score ?
Summary
In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-04-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:18.972Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-04T15:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-04-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2017-13292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13292", "datePublished": "2018-04-04T16:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T02:07:06.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0869
Vulnerability from cvelistv5
Published
2018-01-12 15:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102374 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: NA |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102374", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102374" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "NA" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102374", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102374" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-0869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "NA" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "102374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102374" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0869", "datePublished": "2018-01-12T15:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:43:29.085Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9385
Vulnerability from cvelistv5
Published
2018-11-06 17:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105887 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/pixel/2018-06-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:17:52.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105887", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105887" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-06-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105887", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105887" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-06-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-9385", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "105887", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105887" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-06-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9385", "datePublished": "2018-11-06T17:00:00Z", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-09-17T04:20:44.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0525
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33139056. References: QC-CR#1097714.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96947 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
https://www.codeaurora.org/use-after-free-vulnerability-during-ipa-routing-commit-logic-cve-2017-0525 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96947", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96947" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.codeaurora.org/use-after-free-vulnerability-during-ipa-routing-commit-logic-cve-2017-0525" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33139056. References: QC-CR#1097714." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96947", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96947" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.codeaurora.org/use-after-free-vulnerability-during-ipa-routing-commit-logic-cve-2017-0525" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0525", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33139056. References: QC-CR#1097714." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96947" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "https://www.codeaurora.org/use-after-free-vulnerability-during-ipa-routing-commit-logic-cve-2017-0525", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/use-after-free-vulnerability-during-ipa-routing-commit-logic-cve-2017-0525" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0525", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0626
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98202 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98202", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98202" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "98202", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98202" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0626", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98202" }, { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0626", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0576
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.
References
▼ | URL | Tags |
---|---|---|
https://github.com/derrekr/android_security/commit/0dd1a733e60cf5239c0a185d4219ba2ef1118a8b | x_refsource_MISC | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97395 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/derrekr/android_security/commit/0dd1a733e60cf5239c0a185d4219ba2ef1118a8b" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97395", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97395" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/derrekr/android_security/commit/0dd1a733e60cf5239c0a185d4219ba2ef1118a8b" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97395", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97395" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0576", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/derrekr/android_security/commit/0dd1a733e60cf5239c0a185d4219ba2ef1118a8b", "refsource": "MISC", "url": "https://github.com/derrekr/android_security/commit/0dd1a733e60cf5239c0a185d4219ba2ef1118a8b" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97395", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97395" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0576", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0860
Vulnerability from cvelistv5
Published
2017-11-16 23:00
Modified
2024-09-16 21:08
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-16T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0860", "datePublished": "2017-11-16T23:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T21:08:52.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6707
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.
References
▼ | URL | Tags |
---|---|---|
https://bugs.chromium.org/p/project-zero/issues/detail?id=928 | x_refsource_MISC | |
https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/94164 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/40874/ | exploit, x_refsource_EXPLOIT-DB | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=928" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html" }, { "name": "94164", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94164" }, { "name": "40874", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40874/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-06T06:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=928" }, { "tags": [ "x_refsource_MISC" ], "url": "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html" }, { "name": "94164", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94164" }, { "name": "40874", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40874/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=928", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=928" }, { "name": "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html", "refsource": "MISC", "url": "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html" }, { "name": "94164", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94164" }, { "name": "40874", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40874/" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6707", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13213
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android kernel |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13213", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13213", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T03:43:05.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0422
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96097 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96097", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96097" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96097", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96097" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96097", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96097" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0422", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0419
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96055 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 Version: Android-5.0.2 Version: Android-5.1.1 Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" }, { "status": "affected", "version": "Android-5.0.2" }, { "status": "affected", "version": "Android-5.1.1" }, { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" }, { "version_value": "Android-5.0.2" }, { "version_value": "Android-5.1.1" }, { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96055" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0419", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13194
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 04:25
Severity ?
EPSS score ?
Summary
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2018/dsa-4132 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/4199-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/4199-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9" }, { "name": "[debian-lts-announce] 20180224 [SECURITY] [DLA 1290-1] libvpx security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html" }, { "name": "DSA-4132", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4132" }, { "name": "USN-4199-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4199-1/" }, { "name": "USN-4199-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4199-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-23T23:06:12", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9" }, { "name": "[debian-lts-announce] 20180224 [SECURITY] [DLA 1290-1] libvpx security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html" }, { "name": "DSA-4132", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4132" }, { "name": "USN-4199-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4199-1/" }, { "name": "USN-4199-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4199-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13194", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9", "refsource": "CONFIRM", "url": "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9" }, { "name": "[debian-lts-announce] 20180224 [SECURITY] [DLA 1290-1] libvpx security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html" }, { "name": "DSA-4132", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4132" }, { "name": "USN-4199-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4199-1/" }, { "name": "USN-4199-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4199-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13194", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T04:25:14.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6732
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94140 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94140" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6732", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0721
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 20:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0721", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T20:11:46.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0753
Vulnerability from cvelistv5
Published
2017-09-08 20:00
Modified
2024-09-17 02:56
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100650 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100650", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100650" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-09T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100650", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100650" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-05T00:00:00", "ID": "CVE-2017-0753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100650", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100650" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0753", "datePublished": "2017-09-08T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:56:36.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13202
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-17 00:55
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102521 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102521", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102521" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102521", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102521" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" }, { "name": "102521", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102521" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13202", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-17T00:55:32.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0438
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0438", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13150
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T13:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-13150", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13150", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:55:39.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8474
Vulnerability from cvelistv5
Published
2017-01-12 20:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95233 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95233", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95233" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2017-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95233", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95233" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "95233", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95233" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8474", "datePublished": "2017-01-12T20:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9547
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106067 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:56.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106067", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106067", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "106067", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106067" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9547", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:56.155Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6708
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94166 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94166", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94166" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94166", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94166" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94166", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94166" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6708", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0722
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 16:33
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/100204 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:05.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "100204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-08-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-08-07T00:00:00", "ID": "CVE-2017-0722", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "100204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100204" }, { "name": "https://source.android.com/security/bulletin/2017-08-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-08-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0722", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:33:10.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6748
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94139 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94139" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6748", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "94139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94139" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6748", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0782
Vulnerability from cvelistv5
Published
2017-09-14 19:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.
References
▼ | URL | Tags |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM | |
https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100822 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 4.4.4 Version: 5.0.2 Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100822", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "4.4.4" }, { "status": "affected", "version": "5.0.2" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" } ] } ], "datePublic": "2017-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-18T01:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100822", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-09-12T00:00:00", "ID": "CVE-2017-0782", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "4.4.4" }, { "version_value": "5.0.2" }, { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "https://source.android.com/security/bulletin/2017-09-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-09-01" }, { "name": "100822", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100822" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0782", "datePublished": "2017-09-14T19:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T03:17:52.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9549
Vulnerability from cvelistv5
Published
2018-12-06 14:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106137 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-12-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-08T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "106137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-12-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "106137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106137" }, { "name": "https://source.android.com/security/bulletin/2018-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-12-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9549", "datePublished": "2018-12-06T14:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6744
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94131 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6744", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "94131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94131" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6744", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0473
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96717 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.530Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96717" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0473", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0569
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97331 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/41808/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "41808", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/41808/" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97331" }, { "name": "41808", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/41808/" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "97331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97331" }, { "name": "41808", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41808/" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0569", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0606
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98168 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98168", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-15T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98168", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98168" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98168", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98168" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0606", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0625
Vulnerability from cvelistv5
Published
2017-05-12 15:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-05-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98201 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98201", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98201", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01" }, { "name": "98201", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0625", "datePublished": "2017-05-12T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0490
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33178389.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96790 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96790", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33178389." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96790", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0490", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33178389." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96790", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96790" }, { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0490", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0877
Vulnerability from cvelistv5
Published
2017-12-06 14:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-12-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102126 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 6.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:18:06.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "6.0" } ] } ], "datePublic": "2017-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-0877", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "6.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01" }, { "name": "102126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102126" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0877", "datePublished": "2017-12-06T14:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T18:03:31.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13234
Vulnerability from cvelistv5
Published
2018-02-12 19:00
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2018-02-01 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102976 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: 5.1.1 Version: 6.0 Version: 6.0.1 Version: 7.0 Version: 7.1.1 Version: 7.1.2 Version: 8.0 Version: 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:17.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102976" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "7.0" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "8.0" }, { "status": "affected", "version": "8.1" } ] } ], "datePublic": "2018-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102976" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-02-05T00:00:00", "ID": "CVE-2017-13234", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "5.1.1" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "7.0" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "8.0" }, { "version_value": "8.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2018-02-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-02-01" }, { "name": "102976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102976" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13234", "datePublished": "2018-02-12T19:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:28:36.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0486
Vulnerability from cvelistv5
Published
2017-03-08 01:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037968 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96733 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 Version: Android-7.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:05.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" }, { "status": "affected", "version": "Android-7.1.1" } ] } ], "datePublic": "2017-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" }, { "version_value": "Android-7.1.1" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-03-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "name": "1037968", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037968" }, { "name": "96733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96733" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0486", "datePublished": "2017-03-08T01:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:05.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0442
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037798 | vdb-entry, x_refsource_SECTRACK | |
https://source.android.com/security/bulletin/2017-02-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Version: Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:57.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10" }, { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "96047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0442", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10" }, { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "96047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96047" }, { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0442", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:03:57.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0650
Vulnerability from cvelistv5
Published
2017-06-14 13:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038623 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Kernel-3.10 Kernel-3.18 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.10 Kernel-3.18" } ] } ], "datePublic": "2017-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "1038623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.10 Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-06-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "name": "1038623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038623" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0650", "datePublished": "2017-06-14T13:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0671
Vulnerability from cvelistv5
Published
2017-07-06 20:00
Modified
2024-09-16 17:27
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-07-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-4.4.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.709Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-4.4.4" } ] } ], "datePublic": "2017-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2017-07-05T00:00:00", "ID": "CVE-2017-0671", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-4.4.4" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0671", "datePublished": "2017-07-06T20:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:27:48.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-9540
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-08-05 07:24
Severity ?
EPSS score ?
Summary
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105849 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2018-11-01 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:24:55.833Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-15T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "105849", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-11-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2018-9540", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105849", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105849" }, { "name": "https://source.android.com/security/bulletin/2018-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-11-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9540", "datePublished": "2018-11-14T18:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2024-08-05T07:24:55.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6721
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94143 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2016-11-01.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: Android-6.0 Version: Android-6.0.1 Version: Android-7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94143", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94143" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android-6.0" }, { "status": "affected", "version": "Android-6.0.1" }, { "status": "affected", "version": "Android-7.0" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94143", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94143" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-6.0" }, { "version_value": "Android-6.0.1" }, { "version_value": "Android-7.0" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94143", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94143" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6721", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-0566
Vulnerability from cvelistv5
Published
2017-04-07 22:00
Modified
2024-08-05 13:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97351 | vdb-entry, x_refsource_BID | |
https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038201 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Google Inc. | Android |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:11:06.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97351", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97351" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "97351", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97351" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2017-0566", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "97351", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97351" }, { "name": "https://source.android.com/security/bulletin/2017-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-04-01" }, { "name": "1038201", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038201" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0566", "datePublished": "2017-04-07T22:00:00", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-08-05T13:11:06.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }