Google Inc Android vulnerabilities

CVE-2015-9015 [HIGH] CWE-264 CVE-2015-9015: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.

CVE-2017-13300 [HIGH] CWE-20 CVE-2017-13300: A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versio A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.

CVE-2017-13301 [HIGH] CWE-20 CVE-2017-13301: A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0 A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.

CVE-2017-13280 [HIGH] CWE-125 CVE-2017-13280: In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds r In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Androi

CVE-2017-13250 [HIGH] CWE-787 CVE-2017-13250: In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0

CVE-2017-13259 [HIGH] CWE-125 CVE-2017-13259: In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to miss In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID:

CVE-2017-13278 [HIGH] CWE-416 CVE-2017-13278: In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581.

CVE-2016-10232 [HIGH] CWE-264 CVE-2016-10232: An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: An An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.

CVE-2017-13302 [HIGH] CWE-20 CVE-2017-13302: A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0 A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.

CVE-2017-13277 [HIGH] CWE-787 CVE-2017-13277: In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bo In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027.

CVE-2017-13305 [HIGH] CWE-125 CVE-2017-13305: A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Vers A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

CVE-2017-13249 [HIGH] CWE-787 CVE-2017-13249: In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a miss In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408.

CVE-2016-8485 [HIGH] CWE-200 CVE-2016-8485: An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Vers An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.

CVE-2017-13268 [MEDIUM] CWE-200 CVE-2017-13268: A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.

CVE-2017-13279 [MEDIUM] CWE-834 CVE-2017-13279: In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of p In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-683

CVE-2017-13304 [MEDIUM] CWE-200 CVE-2017-13304: A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versi A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.

CVE-2017-13257 [MEDIUM] CWE-416 CVE-2017-13257: In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0,

CVE-2017-13297 [MEDIUM] CWE-200 CVE-2017-13297: A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. V A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.

CVE-2017-13290 [MEDIUM] CWE-125 CVE-2017-13290: In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bo In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124.

CVE-2016-10234 [MEDIUM] CWE-200 CVE-2016-10234: An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Andr An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.