Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-04 CVE-2017-13288 Incorrect Calculation vulnerability in Google Android 8.0/8.1
In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch.
local
low complexity
google CWE-682
7.8
2018-04-04 CVE-2017-13287 Improper Input Validation vulnerability in Google Android
In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation.
local
low complexity
google CWE-20
7.8
2018-04-04 CVE-2017-13286 Deserialization of Untrusted Data vulnerability in Google Android 8.0/8.1
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization.
local
low complexity
google CWE-502
7.8
2018-04-04 CVE-2017-13280 Out-of-bounds Read vulnerability in Google Android
In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check.
network
low complexity
google CWE-125
7.5
2018-04-04 CVE-2017-13278 Use After Free vulnerability in Google Android
In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free.
local
low complexity
google CWE-416
7.8
2018-04-04 CVE-2017-13277 Out-of-bounds Write vulnerability in Google Android
In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google CWE-787
7.8
2018-04-04 CVE-2017-13276 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check.
local
low complexity
google CWE-119
7.8
2018-04-03 CVE-2018-5828 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite.
local
low complexity
google CWE-119
7.8
2018-04-03 CVE-2018-5825 Use After Free vulnerability in Google Android
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.
local
low complexity
google CWE-416
7.8
2018-04-03 CVE-2018-5824 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range.
local
low complexity
google CWE-119
7.8