Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-11 CVE-2018-9582 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 8.0/8.1/9.0
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario.
local
low complexity
google CWE-610
7.8
2019-02-11 CVE-2018-13893 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.
local
low complexity
google CWE-119
7.8
2019-02-11 CVE-2018-13889 Use After Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed
local
low complexity
google CWE-416
7.8
2019-02-11 CVE-2018-12014 Use After Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.
local
low complexity
google CWE-416
7.8
2019-02-11 CVE-2018-12010 Out-of-bounds Write vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.
local
low complexity
google CWE-787
7.8
2019-02-11 CVE-2018-11962 Use After Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.
local
low complexity
google CWE-416
7.8
2019-01-31 CVE-2018-6241 Improper Input Validation vulnerability in Google Android
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges.
local
low complexity
google CWE-20
7.8
2018-12-20 CVE-2018-11988 Use After Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.
local
low complexity
google CWE-416
7.8
2018-12-20 CVE-2018-11987 Double Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.
local
low complexity
google CWE-415
7.8
2018-12-20 CVE-2018-11986 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.
local
low complexity
google CWE-119
7.8