Mobile device vulnerabilities

Showing 2651 - 2700 of 4.2K CVEs

  1. CVE-2017-0757 Published Sep 8, 2017

    A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815.

  2. CVE-2017-0756 Published Sep 8, 2017

    A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.

  3. CVE-2017-0755 Published Sep 8, 2017

    A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311.

  4. CVE-2017-0753 Published Sep 8, 2017

    A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.

  5. CVE-2017-0752 Published Sep 8, 2017

    A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.

  6. CVE-2017-0805 Published Aug 24, 2017

    A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.

  7. CVE-2017-9685 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.

  8. CVE-2017-9684 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.

  9. CVE-2017-9682 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.

  10. CVE-2017-9680 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.

  11. CVE-2017-9679 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.

  12. CVE-2017-9678 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().

  13. CVE-2017-7364 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.

  14. CVE-2017-8272 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.

  15. CVE-2017-8270 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.

  16. CVE-2017-8268 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.

  17. CVE-2017-8267 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.

  18. CVE-2017-8266 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

  19. CVE-2017-8265 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.

  20. CVE-2017-8263 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.

  21. CVE-2017-8262 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.

  22. CVE-2017-8261 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.

  23. CVE-2017-8260 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.

  24. CVE-2017-8257 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.

  25. CVE-2017-8256 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.

  26. CVE-2017-8255 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.

  27. CVE-2017-8254 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.

  28. CVE-2017-8253 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.

  29. CVE-2016-5872 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.

  30. CVE-2016-5871 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.

  31. CVE-2016-10392 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.

  32. CVE-2016-10391 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.

  33. CVE-2016-10390 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.

  34. CVE-2016-10389 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition.

  35. CVE-2016-10388 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.

  36. CVE-2016-10387 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.

  37. CVE-2016-10386 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.

  38. CVE-2016-10385 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.

  39. CVE-2016-10384 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.

  40. CVE-2016-10383 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.

  41. CVE-2016-10382 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.

  42. CVE-2016-10381 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.

  43. CVE-2016-10380 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.

  44. CVE-2016-10347 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.

  45. CVE-2016-10346 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.

  46. CVE-2016-10344 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.

  47. CVE-2016-10343 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.

  48. CVE-2015-9073 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.

  49. CVE-2015-9072 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.

  50. CVE-2015-9071 Published Aug 18, 2017

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.