| Month | Quarter | Year |
|---|---|---|
| #88 | #186 | #N/A |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2019-2016 | CWE-787 | Out-of-bounds Write | 8.8 |
|
In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120664978
|
|||
| CVE-2018-9568 | CWE-704 | Incorrect Type Conversion or Cast | 7.8 |
|
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
|
|||
| CVE-2017-9708 | CWE-362 | Race Conditions | 7.0 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg".
|
|||
| CVE-2017-13170 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280.
|
|||
| CVE-2017-13164 | CWE-200 | Information Leak / Disclosure | 7.5 |
|
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193.
|
|||
| CVE-2017-0842 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.
|
|||
| CVE-2017-0588 | CWE-119 | Buffer Errors | 7.8 |
|
A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.
|
|||
| CVE-2017-0404 | CWE-264 | Permissions, Privileges, and Access Control | 7.0 |
|
An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733.
|
|||