CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2017-8279 362 2017-11-16 2019-10-03
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information.
352 CVE-2017-8270 362 2017-08-18 2017-08-22
5.1
None Remote High Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.
353 CVE-2017-8266 362 2017-08-18 2017-08-22
5.1
None Remote High Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
354 CVE-2017-8265 362 2017-08-18 2017-08-22
5.1
None Remote High Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.
355 CVE-2017-7759 200 +Info 2018-06-11 2018-08-07
5.0
None Remote Low Not required Partial None None
Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54.
356 CVE-2017-6421 120 Overflow 2017-08-16 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.
357 CVE-2017-6280 200 +Info 2018-03-06 2018-03-27
5.0
None Remote Low Not required Partial None None
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.
358 CVE-2017-6275 200 +Info 2017-11-14 2019-08-02
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.
359 CVE-2017-0851 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.
360 CVE-2017-0850 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.
361 CVE-2017-0849 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.
362 CVE-2017-0848 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.
363 CVE-2017-0846 200 +Info 2018-01-12 2018-02-01
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.
364 CVE-2017-0845 732 DoS 2017-11-16 2019-10-03
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.
365 CVE-2017-0840 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670.
366 CVE-2017-0839 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.
367 CVE-2017-0825 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.
368 CVE-2017-0823 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
369 CVE-2017-0817 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.
370 CVE-2017-0813 772 DoS 2017-10-04 2019-10-03
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.
371 CVE-2017-0808 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.
372 CVE-2017-0791 2017-09-08 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302.
373 CVE-2017-0790 2017-09-08 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101.
374 CVE-2017-0789 2017-09-08 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102.
375 CVE-2017-0788 2017-09-08 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103.
376 CVE-2017-0787 2017-09-08 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104.
377 CVE-2017-0786 2017-09-08 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.
378 CVE-2017-0784 732 2017-09-08 2019-10-03
5.8
None Local Network Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.
379 CVE-2017-0748 200 +Info 2018-04-05 2018-04-17
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.
380 CVE-2017-0603 369 DoS 2017-05-12 2019-10-03
5.4
None Remote High Not required None None Complete
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.
381 CVE-2017-0497 DoS 2017-03-08 2019-10-03
5.4
None Remote High Not required None None Complete
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701.
382 CVE-2016-11046 20 2020-04-07 2020-04-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016).
383 CVE-2016-11043 326 2020-04-07 2020-04-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016).
384 CVE-2016-11042 287 Bypass 2020-04-07 2020-04-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).
385 CVE-2016-11032 20 2020-04-07 2020-04-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).
386 CVE-2016-11029 522 2020-04-07 2020-04-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016).
387 CVE-2016-10339 200 +Info 2017-06-13 2017-07-08
5.8
None Remote Medium Not required Partial Partial None
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.
388 CVE-2016-10235 20 DoS 2018-04-04 2018-05-04
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.
389 CVE-2016-8486 200 +Info 2018-04-04 2018-05-04
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691.
390 CVE-2016-8485 200 +Info 2018-04-04 2018-05-04
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.
391 CVE-2016-7153 200 +Info 2016-09-06 2017-02-19
5.0
None Remote Low Not required Partial None None
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
392 CVE-2016-7152 200 +Info 2016-09-06 2017-02-19
5.0
None Remote Low Not required Partial None None
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
393 CVE-2016-6723 284 DoS 2016-11-25 2019-03-07
5.4
None Remote High Not required None None Complete
A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884.
394 CVE-2016-5696 200 +Info 2016-08-06 2021-11-17
5.8
None Remote Medium Not required None Partial Partial
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
395 CVE-2016-5168 346 Bypass +Info 2017-04-21 2017-04-27
5.0
None Remote Low Not required Partial None None
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
396 CVE-2016-5141 20 2016-08-07 2017-07-01
5.0
None Remote Low Not required None Partial None
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
397 CVE-2016-3831 20 DoS 2016-08-05 2016-11-28
5.0
None Remote Low Not required None None Partial
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
398 CVE-2016-3764 20 +Info 2016-07-11 2016-07-12
5.0
None Remote Low Not required Partial None None
media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.
399 CVE-2016-3763 20 2016-07-11 2016-07-12
5.0
None Remote Low Not required Partial None None
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919.
400 CVE-2016-3760 20 +Priv 2016-07-11 2016-07-12
5.4
None Local Network Medium Not required Partial Partial Partial
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.
Total number of vulnerabilities : 642   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.