Vulnerabilities > Google > Android > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-12 | CVE-2017-13180 | Use After Free vulnerability in Google Android In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. | 7.8 |
| 2018-01-12 | CVE-2017-13176 | Improper Input Validation vulnerability in Google Android In the parseURL function of URLStreamHandler, there is improper input validation of the host field. | 8.8 |
| 2018-01-12 | CVE-2017-0855 | Missing Release of Resource after Effective Lifetime vulnerability in Google Android In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. | 7.5 |
| 2018-01-12 | CVE-2017-0846 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android framework (clipboardservice). | 7.5 |
| 2018-01-12 | CVE-2014-7952 | Injection vulnerability in Google Android The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | 7.8 |
| 2018-01-12 | CVE-2017-0869 | Use After Free vulnerability in Google Android NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. | 7.8 |
| 2018-01-10 | CVE-2017-9712 | Out-of-bounds Read vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs. | 7.5 |
| 2018-01-10 | CVE-2017-9705 | Double Free vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers. | 7.8 |
| 2018-01-10 | CVE-2017-9689 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption. | 7.8 |
| 2018-01-10 | CVE-2017-15850 | Information Exposure vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. | 7.5 |