Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2017-13297

    A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-13296

    A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-13295

    A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-13294

    A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13293

    In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13292

    In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Produ... Read more

    Affected Products : android
    • EPSS Score: %2.24
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13291

    In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • EPSS Score: %1.77
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2017-13290

    In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13289

    In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execut... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13288

    In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no add... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13287

    In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privilege... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13286

    In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no addition... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13285

    In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • EPSS Score: %2.24
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13284

    In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is no... Read more

    Affected Products : android
    • EPSS Score: %1.23
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13283

    In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • EPSS Score: %2.96
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13282

    In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %3.35
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13281

    In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %2.67
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-13280

    In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not ne... Read more

    Affected Products : android
    • EPSS Score: %0.50
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-13279

    In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for expl... Read more

    Affected Products : android
    • EPSS Score: %0.16
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13278

    In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:... Read more

    Affected Products : android
    • EPSS Score: %0.10
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291617 Results