Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-167
Vulnerability from certfr_avis - Published: 2017-06-06 - Updated: 2017-06-06
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 juin 2017
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 5 juin 2017\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-0636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0636"
},
{
"name": "CVE-2017-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8241"
},
{
"name": "CVE-2017-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0646"
},
{
"name": "CVE-2017-8240",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8240"
},
{
"name": "CVE-2014-9963",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9963"
},
{
"name": "CVE-2015-9022",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9022"
},
{
"name": "CVE-2017-0638",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0638"
},
{
"name": "CVE-2017-7370",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7370"
},
{
"name": "CVE-2015-9025",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9025"
},
{
"name": "CVE-2014-9965",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9965"
},
{
"name": "CVE-2015-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8871"
},
{
"name": "CVE-2017-8236",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8236"
},
{
"name": "CVE-2017-0647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0647"
},
{
"name": "CVE-2017-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0651"
},
{
"name": "CVE-2015-9031",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9031"
},
{
"name": "CVE-2015-9023",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9023"
},
{
"name": "CVE-2017-7364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7364"
},
{
"name": "CVE-2014-9967",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9967"
},
{
"name": "CVE-2017-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8242"
},
{
"name": "CVE-2017-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0641"
},
{
"name": "CVE-2016-5864",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5864"
},
{
"name": "CVE-2015-9029",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9029"
},
{
"name": "CVE-2014-9962",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9962"
},
{
"name": "CVE-2017-0645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0645"
},
{
"name": "CVE-2014-9954",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9954"
},
{
"name": "CVE-2015-9020",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9020"
},
{
"name": "CVE-2014-9958",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9958"
},
{
"name": "CVE-2017-7371",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7371"
},
{
"name": "CVE-2017-6247",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6247"
},
{
"name": "CVE-2017-0643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0643"
},
{
"name": "CVE-2014-9959",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9959"
},
{
"name": "CVE-2015-9013",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9013"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2015-9008",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9008"
},
{
"name": "CVE-2015-9014",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9014"
},
{
"name": "CVE-2017-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0640"
},
{
"name": "CVE-2015-9012",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9012"
},
{
"name": "CVE-2014-9953",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9953"
},
{
"name": "CVE-2017-0644",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0644"
},
{
"name": "CVE-2017-5056",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5056"
},
{
"name": "CVE-2017-8233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8233"
},
{
"name": "CVE-2017-7369",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7369"
},
{
"name": "CVE-2015-9011",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9011"
},
{
"name": "CVE-2016-1029",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1029"
},
{
"name": "CVE-2015-9021",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9021"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2014-9956",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9956"
},
{
"name": "CVE-2016-1034",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1034"
},
{
"name": "CVE-2014-9957",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9957"
},
{
"name": "CVE-2017-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0639"
},
{
"name": "CVE-2015-9033",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9033"
},
{
"name": "CVE-2017-6249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6249"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-9009",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9009"
},
{
"name": "CVE-2016-1033",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1033"
},
{
"name": "CVE-2017-8235",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8235"
},
{
"name": "CVE-2017-7366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7366"
},
{
"name": "CVE-2014-9955",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9955"
},
{
"name": "CVE-2017-0650",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0650"
},
{
"name": "CVE-2017-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0642"
},
{
"name": "CVE-2017-0649",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0649"
},
{
"name": "CVE-2015-9028",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9028"
},
{
"name": "CVE-2015-9026",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9026"
},
{
"name": "CVE-2015-9027",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9027"
},
{
"name": "CVE-2017-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0391"
},
{
"name": "CVE-2017-7372",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7372"
},
{
"name": "CVE-2017-7373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7373"
},
{
"name": "CVE-2015-9010",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9010"
},
{
"name": "CVE-2016-8332",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8332"
},
{
"name": "CVE-2017-7368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7368"
},
{
"name": "CVE-2014-9961",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9961"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2017-8234",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8234"
},
{
"name": "CVE-2017-0637",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0637"
},
{
"name": "CVE-2015-9032",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9032"
},
{
"name": "CVE-2017-8237",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8237"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-6248",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6248"
},
{
"name": "CVE-2017-6421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6421"
},
{
"name": "CVE-2017-8239",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8239"
},
{
"name": "CVE-2014-9966",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9966"
},
{
"name": "CVE-2017-7365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7365"
},
{
"name": "CVE-2015-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9015"
},
{
"name": "CVE-2014-9960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9960"
},
{
"name": "CVE-2017-7367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7367"
},
{
"name": "CVE-2015-9030",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9030"
},
{
"name": "CVE-2017-0663",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0663"
},
{
"name": "CVE-2015-9024",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9024"
},
{
"name": "CVE-2016-5861",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5861"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-0648",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0648"
},
{
"name": "CVE-2014-9964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9964"
}
],
"initial_release_date": "2017-06-06T00:00:00",
"last_revision_date": "2017-06-06T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-167",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 05 juin 2017",
"url": "https://source.android.com/security/bulletin/2017-06-01"
}
]
}
CVE-2017-7373 (GCVE-0-2017-7373)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 15:56
VLAI
EPSS
Summary
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
Severity
No CVSS data available.
CWE
- Double Free Vulnerability in Display
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Double Free Vulnerability in Display",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-7373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free Vulnerability in Display"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-7373",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:56:36.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7375 (GCVE-0-2017-7375)
Vulnerability from cvelistv5 – Published: 2018-02-19 19:00 – Updated: 2025-12-03 21:49
VLAI
EPSS
Summary
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://android.googlesource.com/platform/externa… | x_refsource_CONFIRM |
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| https://www.debian.org/security/2017/dsa-3952 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/98877 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201711-01 | vendor-advisoryx_refsource_GENTOO |
| https://git.gnome.org/browse/libxml2/commit/?id=9… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462203 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "DSA-3952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3952"
},
{
"name": "98877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98877"
},
{
"name": "GLSA-201711-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-7375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:49:15.976555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:49:54.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-20T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "DSA-3952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3952"
},
{
"name": "98877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98877"
},
{
"name": "GLSA-201711-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa"
},
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "DSA-3952",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3952"
},
{
"name": "98877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98877"
},
{
"name": "GLSA-201711-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-01"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7375",
"datePublished": "2018-02-19T19:00:00.000Z",
"dateReserved": "2017-03-31T00:00:00.000Z",
"dateUpdated": "2025-12-03T21:49:54.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-7376 (GCVE-0-2017-7376)
Vulnerability from cvelistv5 – Published: 2018-02-19 19:00 – Updated: 2024-08-05 15:56
VLAI
EPSS
Summary
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| https://www.debian.org/security/2017/dsa-3952 | vendor-advisoryx_refsource_DEBIAN |
| https://git.gnome.org/browse/libxml2/commit/?id=5… | x_refsource_CONFIRM |
| https://android.googlesource.com/platform/externa… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98877 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1462216 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "DSA-3952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3952"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4"
},
{
"name": "98877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98877"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462216"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-20T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "DSA-3952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4"
},
{
"name": "98877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98877"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462216"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "DSA-3952",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3952"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e"
},
{
"name": "https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4"
},
{
"name": "98877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98877"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462216",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462216"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7376",
"datePublished": "2018-02-19T19:00:00.000Z",
"dateReserved": "2017-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:56:36.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8233 (GCVE-0-2017-8233)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 16:27
VLAI
EPSS
Summary
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.
Severity
No CVSS data available.
CWE
- Improper Validation of Array Index in Camera
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:23.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Validation of Array Index in Camera",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8233",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:23.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8234 (GCVE-0-2017-8234)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 16:27
VLAI
EPSS
Summary
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.
Severity
No CVSS data available.
CWE
- Buffer Over-read Vulnerability in Camera
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Over-read Vulnerability in Camera",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read Vulnerability in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8234",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:22.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8235 (GCVE-0-2017-8235)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 16:27
VLAI
EPSS
Summary
In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.
Severity
No CVSS data available.
CWE
- Use After Free Vulnerability in Camera
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free Vulnerability in Camera",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free Vulnerability in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8235",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:22.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8236 (GCVE-0-2017-8236)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 16:27
VLAI
EPSS
Summary
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.
Severity
No CVSS data available.
CWE
- Buffer Copy without Checking Size of Input in IPA
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:23.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Copy without Checking Size of Input in IPA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in IPA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8236",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:23.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8237 (GCVE-0-2017-8237)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 16:27
VLAI
EPSS
Summary
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.
Severity
No CVSS data available.
CWE
- Buffer Copy without Checking Size of Input in IPA
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:23.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Copy without Checking Size of Input in IPA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in IPA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8237",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:23.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8239 (GCVE-0-2017-8239)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 16:27
VLAI
EPSS
Summary
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
Severity
No CVSS data available.
CWE
- Information Exposure Vulnerability in Camera
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:23.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure Vulnerability in Camera",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-16T22:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Vulnerability in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8239",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:23.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8240 (GCVE-0-2017-8240)
Vulnerability from cvelistv5 – Published: 2017-06-13 20:00 – Updated: 2024-08-05 16:27
VLAI
EPSS
Summary
In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.
Severity
No CVSS data available.
CWE
- Buffer Over-read Vulnerability in Kernel
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-06-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038623 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | All Qualcomm products |
Affected:
All Android releases from CAF using the Linux kernel
|
Date Public
2017-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All Qualcomm products",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2017-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Over-read Vulnerability in Kernel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read Vulnerability in Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8240",
"datePublished": "2017-06-13T20:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:22.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…