NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2016-5349 | The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client. When secure applications inside Qualcomm Secure Execution Environment (QSEE) receive memory addresses from a high level operating system (HLOS) such as Linux Android, those address have previously been verified as belonging | 5.5 | 0.12% | 2017-04-06 | 2026-05-13 |
| CVE-2017-8244 | In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | 7.0 | 0.03% | 2017-05-12 | 2026-05-13 |
| CVE-2017-8245 | In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. | 7.8 | 0.04% | 2017-05-12 | 2026-05-13 |
| CVE-2017-8246 | In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. | 7.8 | 0.03% | 2017-05-12 | 2026-05-13 |
| CVE-2014-9960 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 7.8 | 0.11% | 2017-06-13 | 2026-05-13 |
| CVE-2014-9961 | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | 7.8 | 0.09% | 2017-06-13 | 2026-05-13 |
| CVE-2014-9962 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. | 7.8 | 0.11% | 2017-06-13 | 2026-05-13 |
| CVE-2014-9963 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. | 7.8 | 0.11% | 2017-06-13 | 2026-05-13 |
| CVE-2014-9964 | In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. | 7.8 | 0.10% | 2017-06-13 | 2026-05-13 |
| CVE-2014-9965 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. | 7.8 | 0.11% | 2017-06-13 | 2026-05-13 |
| CVE-2014-9966 | In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. | 7.0 | 0.04% | 2017-06-13 | 2026-05-13 |
| CVE-2014-9967 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | 7.8 | 0.10% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9020 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. | 7.8 | 0.10% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9021 | In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | 5.5 | 0.09% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9022 | In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. | 7.0 | 0.04% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9023 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 7.8 | 0.11% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9024 | In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. | 5.5 | 0.10% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9025 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | 7.8 | 0.11% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9026 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | 7.8 | 0.10% | 2017-06-13 | 2026-05-13 |
| CVE-2015-9027 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | 7.8 | 0.10% | 2017-06-13 | 2026-05-13 |