Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

ITS Advisory Number: 
2018-038
Date(s) Issued: 
Tuesday, April 3, 2018
Subject: 
Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected: 
  • Android OS builds utilizing Security Patch Levels issued prior to April 5, 2018.
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
Low
Description: 

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows:

  • An elevation of privilege vulnerability in Android runtime. (CVE-2017-13274)
  • An arbitrary code vulnerability in Broadcom components. (CVE-2017-13292)
  • An information disclosure vulnerability in Framework. (CVE-2017-13275)
  • An elevation of privilege vulnerability in Kernel components. (CVE-2017-13293)
  • Multiple information disclosure vulnerabilities in Kernel components. (CVE-2017-1653, CVE-2017-5754)
  • Multiple arbitrary code vulnerabilities in Media framework. (CVE-2017-13276, CVE-2017-13277)
  • An elevation of privilege vulnerability in Media framework. (CVE-2017-13278)
  • Multiple denial of service vulnerabilities in Media framework. (CVE-2017-13279, CVE-2017-13280)
  • Multiple vulnerabilities in Qualcomm closed-source components 2014-2016 cumulative update. (CVE-2014-10039, CVE-2014-10043, CVE-2014-10044, CVE-2014-10045, CVE-2014-10046, CVE-2014-10047, CVE-2014-10048, CVE-2014-10050, CVE-2014-10051, CVE-2014-10052, CVE-2014-10053, CVE-2014-10054, CVE-2014-10055, CVE-2014-10056, CVE-2014-10057, CVE-2014-10058, CVE-2014-10059, CVE-2014-10062, CVE-2014-10063, CVE-2014-9971, CVE-2014-9972, CVE-2014-9976, CVE-2014-9981, CVE-2014-9985, CVE-2014-9986, CVE-2014-9987, CVE-2014-9988, CVE-2014-9989, CVE-2014-9990, CVE-2014-9991, CVE-2014-9993, CVE-2014-9994, CVE-2014-9995, CVE-2014-9996, CVE-2014-9997, CVE-2014-9998, CVE-2015-0574, CVE-2015-0576, CVE-2015-8593, CVE-2015-8594, CVE-2015-9063, CVE-2015-9064, CVE-2015-9065, CVE-2015-9066, CVE-2015-9108, CVE-2015-9109, CVE-2015-9110, CVE-2015-9111, CVE-2015-9112, CVE-2015-9113, CVE-2015-9114, CVE-2015-9115, CVE-2015-9116, CVE-2015-9118, CVE-2015-9119, CVE-2015-9120, CVE-2015-9122, CVE-2015-9123, CVE-2015-9124, CVE-2015-9126, CVE-2015-9127, CVE-2015-9128, CVE-2015-9129, CVE-2015-9130, CVE-2015-9131, CVE-2015-9132, CVE-2015-9133, CVE-2015-9134, CVE-2015-9135, CVE-2015-9136, CVE-2015-9137, CVE-2015-9138, CVE-2015-9139, CVE-2015-9140, CVE-2015-9141, CVE-2015-9142, CVE-2015-9143, CVE-2015-9144, CVE-2015-9145, CVE-2015-9146, CVE-2015-9147, CVE-2015-9148, CVE-2015-9149, CVE-2015-9150, CVE-2015-9151, CVE-2015-9152, CVE-2015-9153, CVE-2015-9156, CVE-2015-9157, CVE-2015-9158, CVE-2015-9159, CVE-2015-9160, CVE-2015-9161, CVE-2015-9162, CVE-2015-9163, CVE-2015-9164, CVE-2015-9165, CVE-2015-9166, CVE-2015-9167, CVE-2015-9169, CVE-2015-9170, CVE-2015-9171, CVE-2015-9172, CVE-2015-9173, CVE-2015-9174, CVE-2015-9175, CVE-2015-9176, CVE-2015-9177, CVE-2015-9178, CVE-2015-9179, CVE-2015-9180, CVE-2015-9181, CVE-2015-9182, CVE-2015-9183, CVE-2015-9184, CVE-2015-9185, CVE-2015-9186, CVE-2015-9187, CVE-2015-9188, CVE-2015-9189, CVE-2015-9190, CVE-2015-9191, CVE-2015-9192, CVE-2015-9193, CVE-2015-9194, CVE-2015-9195, CVE-2015-9196, CVE-2015-9197, CVE-2015-9198, CVE-2015-9199, CVE-2015-9200, CVE-2015-9201, CVE-2015-9202, CVE-2015-9203, CVE-2015-9204, CVE-2015-9205, CVE-2015-9206, CVE-2015-9207, CVE-2015-9208, CVE-2015-9209, CVE-2015-9210, CVE-2015-9211, CVE-2015-9212, CVE-2015-9213, CVE-2015-9215, CVE-2015-9216, CVE-2015-9217, CVE-2015-9218, CVE-2015-9219, CVE-2015-9220, CVE-2015-9221, CVE-2015-9222, CVE-2015-9223, CVE-2015-9224, CVE-2016-10380, CVE-2016-10381, CVE-2016-10384, CVE-2016-10385, CVE-2016-10386, CVE-2016-10387, CVE-2016-10390, CVE-2016-10392, CVE-2016-10406, CVE-2016-10407, CVE-2016-10409, CVE-2016-10410, CVE-2016-10411, CVE-2016-10412, CVE-2016-10414, CVE-2016-10415, CVE-2016-10416, CVE-2016-10417, CVE-2016-10418, CVE-2016-10419, CVE-2016-10420, CVE-2016-10421, CVE-2016-10422, CVE-2016-10423, CVE-2016-10424, CVE-2016-10425, CVE-2016-10426, CVE-2016-10427, CVE-2016-10428, CVE-2016-10429, CVE-2016-10430, CVE-2016-10431, CVE-2016-10432, CVE-2016-10433, CVE-2016-10434, CVE-2016-10435, CVE-2016-10436, CVE-2016-10438, CVE-2016-10439, CVE-2016-10440, CVE-2016-10441, CVE-2016-10442, CVE-2016-10443, CVE-2016-10444, CVE-2016-10445, CVE-2016-10446, CVE-2016-10447, CVE-2016-10448, CVE-2016-10449, CVE-2016-10450, CVE-2016-10451, CVE-2016-10452, CVE-2016-10454, CVE-2016-10455, CVE-2016-10456, CVE-2016-10457, CVE-2016-10458, CVE-2016-10459, CVE-2016-10460, CVE-2016-10461, CVE-2016-10462, CVE-2016-10464, CVE-2016-10466, CVE-2016-10467, CVE-2016-10469, CVE-2016-10471, CVE-2016-10472, CVE-2016-10473, CVE-2016-10474, CVE-2016-10475, CVE-2016-10476, CVE-2016-10477, CVE-2016-10478, CVE-2016-10479, CVE-2016-10480, CVE-2016-10481, CVE-2016-10482, CVE-2016-10483, CVE-2016-10484, CVE-2016-10485, CVE-2016-10486, CVE-2016-10487, CVE-2016-10489, CVE-2016-10490, CVE-2016-10491, CVE-2016-10492, CVE-2016-10493, CVE-2016-10494, CVE-2016-10495, CVE-2016-10496, CVE-2016-10497, CVE-2016-10498, CVE-2016-10499, CVE-2016-10501, CVE-2016-5348)
  • Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2017-11011, CVE-2017-18071, CVE-2017-18072, CVE-2017-18073, CVE-2017-18074, CVE-2017-18125, CVE-2017-18126, CVE-2017-18127, CVE-2017-18128, CVE-2017-18129, CVE-2017-18130, CVE-2017-18132, CVE-2017-18133, CVE-2017-18134, CVE-2017-18135, CVE-2017-18136, CVE-2017-18137, CVE-2017-18138, CVE-2017-18139, CVE-2017-18140, CVE-2017-18142, CVE-2017-18143, CVE-2017-18144, CVE-2017-18145, CVE-2017-18146, CVE-2017-18147, CVE-2017-8274, CVE-2017-8275, CVE-2018-3589, CVE-2018-3590, CVE-2018-3591, CVE-2018-3592, CVE-2018-3593, CVE-2018-3594)
  • An information disclosure vulnerability in Qualcomm components. (CVE-2017-13077)
  • An arbitrary code vulnerability in Qualcomm components. (CVE-2017-15822)
  • Multiple elevation of privilege vulnerabilities in Qualcomm components. (CVE-2017-17770, CVE-2018-3563, CVE-2018-3566)
  • Multiple arbitrary code vulnerabilities in System. (CVE-2017-13267, CVE-2017-13281, CVE-2017-13282, CVE-2017-13283, CVE-2017-13285)
  • Multiple elevation of privilege vulnerabilities in System. (CVE-2017-13284, CVE-2017-13286, CVE-2017-13287, CVE-2017-13288, CVE-2017-13289)
  • An information disclosure vulnerability in System. (CVE-2017-13290)
  • A denial of service vulnerability in System. (CVE-2017-13291)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of a privileged process. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Google notes that the vulnerabilities associated with Qualcomm closed-source components 2014-2016 cumulative update address issues patched in Qualcomm AMSS security bulletins or security alerts between 2014 and 2016. Many Android devices may have already addressed these issues in prior updates, but they are included in this Android security bulletin in order to associate them with a security patch level.

Actions: 
  • After appropriate testing, immediately apply updates provided by Google Android or mobile carriers to vulnerable systems.
  • Remind users to only download applications from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.
References: 

Google:

http://source.android.com/security/bulletin/2018-04-01

 

CVE: 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9971

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9972

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9976

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9981

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9985

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9986

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9987

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9988

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9989

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9990

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9991

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9993

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9994

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9995

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9996

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9997

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9998

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10039

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10043

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10044

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10045

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10046

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10047

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10048

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10050

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10051

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10052

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10053

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10054

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10055

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10056

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10057

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10058

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10059

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10062

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10063

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0574

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0576

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8594

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9063

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9064

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9065

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9066

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9108

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9109

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9110

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9111

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9112

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9113

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9114

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9115

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9116

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9118

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9119

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9120

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9122

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9123

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9124

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9126

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9127

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9128

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9129

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9130

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9131

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9132

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9133

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9134

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9135

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9136

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9137

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9138

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9139

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9140

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9141

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9142

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9143

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9144

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9145

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9146

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9147

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9148

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9149

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9150

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9151

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9152

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9153

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9156

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9157

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9158

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9159

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9161

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9162

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9164

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9165

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9166

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9167

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9169

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9170

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9171

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9172

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9173

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9174

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9175

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9176

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9177

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9178

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9179

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9180

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9181

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9183

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9184

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9185

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9186

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9187

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9188

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9189

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9190

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9191

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9192

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9193

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9194

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9195

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9196

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9197

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9198

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9199

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9200

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9201

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9202

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9203

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9204

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9205

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9206

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9207

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9208

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9209

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9210

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9211

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9212

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9213

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9215

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9216

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9217

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9218

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9219

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9220

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9221

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9222

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9223

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9224

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5348

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10380

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10381

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10384

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10385

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10386

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10387

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10390

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10392

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10406

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10407

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10409

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10410

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10411

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10412

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10414

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10415

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10416

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10417

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10418

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10419

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10420

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10421

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10422

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10423

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10424

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10425

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10426

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10427

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10428

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10429

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10430

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10431

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10432

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10433

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10434

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10435

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10436

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10438

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10439

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10440

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10441

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10442

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10443

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10444

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10445

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10446

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10447

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10448

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10449

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10450

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10451

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10452

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10454

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10455

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10456

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10457

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10458

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10459

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10460

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10461

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10464

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10466

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10467

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10469

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10471

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10472

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10473

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10474

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10475

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10476

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10477

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10478

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10479

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10480

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10481

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10482

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10483

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10484

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10485

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10486

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10487

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10489

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10490

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10492

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10493

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10494

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10495

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10496

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10497

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10498

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10499

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10501

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1653

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8274

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8275

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11011

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13267

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13274

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13275

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13276

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13277

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13278

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13279

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13280

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13281

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13282

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13283

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13284

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13285

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13286

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13287

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13288

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13289

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13290

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13291

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13293

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15822

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17770

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18071

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18072

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18073

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18074

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18125

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18126

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18127

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18128

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18129

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18130

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18132

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18133

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18134

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18135

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18136

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18137

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18138

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18139

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18140

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18142

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18143

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18144

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18145

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18146

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18147

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3563

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3566

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3589

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3590

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3591

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3592

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3594