Google: >> Android >> 15.0 Security Vulnerabilities
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-06-11
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-08-18