| Month | Quarter | Year |
|---|---|---|
| #11 | #11 | #12 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2017-6258 | CWE-787 | Out-of-bounds Write | 7.8 |
|
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.
|
|||
| CVE-2017-18154 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
|
|||
| CVE-2017-17767 | CWE-119 | Buffer Errors | 7.8 |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.
|
|||
| CVE-2017-14904 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.
|
|||
| CVE-2017-14903 | CWE-119 | Buffer Errors | 5.3 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.
|
|||
| CVE-2017-13241 | CWE-200 | Information Leak / Disclosure | 7.5 |
|
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
|
|||
| CVE-2017-13231 | CWE-787 | Out-of-bounds Write | 7.8 |
|
In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232.
|
|||
| CVE-2017-13221 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.
|
|||
| CVE-2017-13213 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.
|
|||
| CVE-2017-13201 | CWE-200 | Information Leak / Disclosure | 7.5 |
|
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.
|
|||