Total
7741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7770 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54. | |||||
| CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2017-9681 | 1 Google | 1 Android | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. | |||||
| CVE-2017-18056 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read. | |||||
| CVE-2017-13243 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991. | |||||
| CVE-2017-18061 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas(). | |||||
| CVE-2017-15856 | 1 Google | 1 Android | 2023-12-10 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2018-5829 | 1 Google | 1 Android | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur. | |||||
| CVE-2017-18060 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory read. | |||||
| CVE-2018-3572 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5851 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-6246 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. | |||||
| CVE-2017-5392 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
| CVE-2018-5848 | 3 Debian, Google, Redhat | 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-7817 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-13261 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292. | |||||
| CVE-2015-9015 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. | |||||
| CVE-2016-8484 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575. | |||||
| CVE-2017-15851 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel | |||||
| CVE-2017-13228 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425. | |||||