Export limit exceeded: 344992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13191 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403. | ||||
| CVE-2017-13190 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873. | ||||
| CVE-2017-13189 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072. | ||||
| CVE-2017-13188 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786. | ||||
| CVE-2017-13187 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175. | ||||
| CVE-2017-13186 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716. | ||||
| CVE-2017-13185 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471. | ||||
| CVE-2017-13184 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324. | ||||
| CVE-2017-13183 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127. | ||||
| CVE-2017-13182 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022. | ||||
| CVE-2017-13181 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232. | ||||
| CVE-2017-13180 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349. | ||||
| CVE-2017-13179 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193. | ||||
| CVE-2017-13178 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281. | ||||
| CVE-2017-13177 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413. | ||||
| CVE-2017-13176 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964. | ||||
| CVE-2017-13108 | 1 Psafe | 1 Dfndr Security | 2024-11-21 | N/A |
| DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | ||||
| CVE-2017-13107 | 1 Liveme | 1 Liveme | 2024-11-21 | 7.5 High |
| Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | ||||
| CVE-2017-13106 | 1 Cmcm | 1 Cm Launcher 3d | 2024-11-21 | N/A |
| Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. | ||||
| CVE-2017-13105 | 1 Hisecuritylab | 1 Virus Cleaner | 2024-11-21 | N/A |
| Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker. | ||||