Vulnerabilities > Google > Android

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2017-13176 Improper Input Validation vulnerability in Google Android
In the parseURL function of URLStreamHandler, there is improper input validation of the host field.
network
low complexity
google CWE-20
8.8
2018-01-12 CVE-2017-0855 Missing Release of Resource after Effective Lifetime vulnerability in Google Android
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks.
network
low complexity
google CWE-772
7.5
2018-01-12 CVE-2017-0846 Information Exposure vulnerability in Google Android
An information disclosure vulnerability in the Android framework (clipboardservice).
network
low complexity
google CWE-200
7.5
2018-01-12 CVE-2014-7952 Injection vulnerability in Google Android
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
local
low complexity
google CWE-74
7.8
2018-01-12 CVE-2017-0869 Use After Free vulnerability in Google Android
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process.
local
low complexity
google CWE-416
7.8
2018-01-10 CVE-2017-9712 Out-of-bounds Read vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs.
network
low complexity
google CWE-125
7.5
2018-01-10 CVE-2017-9705 Double Free vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers.
local
low complexity
google CWE-415
7.8
2018-01-10 CVE-2017-9689 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption.
local
low complexity
google CWE-119
7.8
2018-01-10 CVE-2017-15850 Information Exposure vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.
network
low complexity
google CWE-200
7.5
2018-01-10 CVE-2017-15848 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist.
local
low complexity
google CWE-119
7.8