| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). |
| Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. |
| A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. |
| An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283. |
| An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. |
| An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. |
| The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
