Google Inc Android vulnerabilities

CVE-2017-13282 [CRITICAL] CWE-119 CVE-2017-13282: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315.

CVE-2014-9954 [CRITICAL] CWE-264 CVE-2014-9954: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.

CVE-2014-9953 [CRITICAL] CWE-264 CVE-2014-9953: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.

CVE-2014-9959 [CRITICAL] CWE-264 CVE-2014-9959: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.

CVE-2015-9010 [CRITICAL] CWE-264 CVE-2015-9010: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.

CVE-2015-9008 [CRITICAL] CWE-264 CVE-2015-9008: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.

CVE-2016-10233 [CRITICAL] CWE-264 CVE-2016-10233: An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: An An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.

CVE-2015-9012 [CRITICAL] CWE-264 CVE-2015-9012: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.

CVE-2016-10230 [CRITICAL] CWE-264 CVE-2016-10230: A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: And A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.

CVE-2017-13272 [CRITICAL] CWE-416 CVE-2017-13272: In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137.

CVE-2016-8484 [CRITICAL] CWE-264 CVE-2016-8484: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.

CVE-2017-13274 [CRITICAL] CWE-346 CVE-2017-13274: In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determin In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.

CVE-2017-13285 [CRITICAL] CWE-787 CVE-2017-13285: In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7

CVE-2017-13284 [CRITICAL] CWE-20 CVE-2017-13284: In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1.

CVE-2014-9958 [CRITICAL] CWE-264 CVE-2014-9958: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.

CVE-2016-10298 [CRITICAL] CWE-264 CVE-2016-10298: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.

CVE-2015-9009 [CRITICAL] CWE-264 CVE-2015-9009: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.

CVE-2017-13281 [CRITICAL] CWE-119 CVE-2017-13281: In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an in In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.

CVE-2017-13283 [CRITICAL] CWE-787 CVE-2017-13283: In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71

CVE-2017-13266 [CRITICAL] CWE-119 CVE-2017-13266: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bo In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.