Vulnerabilities > Google > Android

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2017-13216 Out-of-bounds Write vulnerability in Google Android
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma.
local
low complexity
google CWE-787
7.8
2018-01-12 CVE-2017-13215 Unspecified vulnerability in Google Android
A elevation of privilege vulnerability in the Upstream kernel skcipher.
local
low complexity
google
7.8
2018-01-12 CVE-2017-13214 Improper Input Validation vulnerability in Google Android
In the hardware HEVC decoder, some media files could cause a page fault.
network
low complexity
google CWE-20
7.5
2018-01-12 CVE-2017-13213 Unspecified vulnerability in Google Android
An elevation of privilege vulnerability in the Broadcom bcmdhd driver.
local
low complexity
google
7.8
2018-01-12 CVE-2017-13212 Unspecified vulnerability in Google Android
An elevation of privilege vulnerability in the Android system (systemui).
local
low complexity
google
7.8
2018-01-12 CVE-2017-13211 Resource Exhaustion vulnerability in Google Android 8.0
In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received.
network
low complexity
google CWE-400
7.5
2018-01-12 CVE-2017-13210 Out-of-bounds Write vulnerability in Google Android
In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small.
local
low complexity
google CWE-787
7.8
2018-01-12 CVE-2017-13209 Missing Authorization vulnerability in Google Android 8.0/8.1
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service.
local
low complexity
google CWE-862
7.8
2018-01-12 CVE-2017-13208 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response.
network
low complexity
google CWE-119
critical
9.8
2018-01-12 CVE-2017-13207 Information Exposure vulnerability in Google Android
An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer).
network
low complexity
google CWE-200
7.5