Google Inc Android vulnerabilities

CVE-2014-9956 [CRITICAL] CWE-264 CVE-2014-9956: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.

CVE-2014-9955 [CRITICAL] CWE-264 CVE-2014-9955: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.

CVE-2015-9014 [CRITICAL] CWE-264 CVE-2015-9014: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.

CVE-2016-8488 [CRITICAL] CWE-264 CVE-2016-8488: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.

CVE-2017-13267 [CRITICAL] CWE-119 CVE-2017-13267: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bo In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-6947900

CVE-2015-9011 [CRITICAL] CWE-264 CVE-2015-9011: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.

CVE-2017-13292 [CRITICAL] CWE-787 CVE-2017-13292: In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bo In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.

CVE-2016-10299 [CRITICAL] CWE-264 CVE-2016-10299: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.

CVE-2015-9013 [CRITICAL] CWE-264 CVE-2015-9013: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.

CVE-2014-9957 [CRITICAL] CWE-264 CVE-2014-9957: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.

CVE-2017-13248 [HIGH] CWE-787 CVE-2017-13248: In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due t In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-7034961

CVE-2017-13270 [HIGH] CVE-2017-13270: A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versi A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.

CVE-2017-13256 [HIGH] CWE-787 CVE-2017-13256: In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missin In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966.

CVE-2017-13286 [HIGH] CWE-502 CVE-2017-13286: In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.

CVE-2017-13255 [HIGH] CWE-787 CVE-2017-13255: In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054.

CVE-2017-13276 [HIGH] CWE-119 CVE-2017-13276: In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599.

CVE-2016-10235 [HIGH] CWE-20 CVE-2016-10235: A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android k A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.

CVE-2017-13291 [HIGH] CWE-476 CVE-2017-13291: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.

CVE-2017-13252 [HIGH] CWE-787 CVE-2017-13252: In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input valida In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-7052

CVE-2017-13254 [HIGH] CVE-2017-13254: A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0 A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.