Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5133 | 1 Google | 1 Chrome | 2017-09-01 | 4.3 MEDIUM | 5.3 MEDIUM |
| Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | |||||
| CVE-2017-8254 | 1 Google | 1 Android | 2017-08-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | |||||
| CVE-2017-9682 | 1 Google | 1 Android | 2017-08-22 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | |||||
| CVE-2016-5347 | 1 Google | 1 Android | 2017-08-18 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. | |||||
| CVE-2016-5858 | 1 Google | 1 Android | 2017-08-18 | 2.6 LOW | 4.7 MEDIUM |
| In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. | |||||
| CVE-2016-5854 | 1 Google | 1 Android | 2017-08-18 | 2.6 LOW | 4.7 MEDIUM |
| In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. | |||||
| CVE-2016-5855 | 1 Google | 1 Android | 2017-08-18 | 2.6 LOW | 4.7 MEDIUM |
| In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough. | |||||
| CVE-2017-8258 | 1 Google | 1 Android | 2017-08-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. | |||||
| CVE-2016-5267 | 2 Google, Mozilla | 2 Android, Firefox | 2017-08-16 | 4.3 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | |||||
| CVE-2017-0739 | 1 Google | 1 Android | 2017-08-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181. | |||||
| CVE-2016-3896 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043. | |||||
| CVE-2016-3884 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441. | |||||
| CVE-2016-3875 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884. | |||||
| CVE-2016-3880 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670. | |||||
| CVE-2016-3881 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856. | |||||
| CVE-2016-5148 | 1 Google | 1 Chrome | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." | |||||
| CVE-2016-5147 | 1 Google | 1 Chrome | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | |||||
| CVE-2016-3883 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603. | |||||
| CVE-2016-3886 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438. | |||||
| CVE-2016-3889 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585. | |||||
| CVE-2016-3892 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 and Qualcomm internal bug CR1024197. | |||||
| CVE-2016-3893 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400. | |||||
| CVE-2016-3894 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033. | |||||
| CVE-2016-3899 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. | |||||
| CVE-2016-3898 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug 29832693. | |||||
| CVE-2016-3897 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25624963. | |||||
| CVE-2016-3895 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260. | |||||
| CVE-2016-3876 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345. | |||||
| CVE-2016-3878 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | |||||
| CVE-2016-3879 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686. | |||||
| CVE-2015-3839 | 1 Google | 1 Android | 2017-08-09 | 2.1 LOW | 5.5 MEDIUM |
| The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). | |||||
| CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-3742 | 3 Google, Lenovo, Microsoft | 3 Android, Connect2, Windows | 2017-07-27 | 2.3 LOW | 4.8 MEDIUM |
| In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. | |||||
| CVE-2017-0420 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212. | |||||
| CVE-2016-8414 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. | |||||
| CVE-2017-0413 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. | |||||
| CVE-2017-0448 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448. | |||||
| CVE-2017-0451 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129. | |||||
| CVE-2017-0421 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. | |||||
| CVE-2017-0424 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450. | |||||
| CVE-2017-0425 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785. | |||||
| CVE-2017-0414 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. | |||||
| CVE-2017-0426 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236. | |||||
| CVE-2016-10398 | 1 Google | 1 Android | 2017-07-21 | 7.2 HIGH | 6.2 MEDIUM |
| Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. | |||||
| CVE-2017-0529 | 1 Google | 1 Android | 2017-07-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042. | |||||
| CVE-2017-0483 | 1 Google | 1 Android | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046. | |||||
| CVE-2017-0484 | 1 Google | 1 Android | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089. | |||||
| CVE-2017-0488 | 1 Google | 1 Android | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097213. | |||||
| CVE-2017-0494 | 1 Google | 1 Android | 2017-07-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32764144. | |||||
| CVE-2017-0495 | 1 Google | 1 Android | 2017-07-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073. | |||||