Vulnerabilities > Google > Android > Low

DATE CVE VULNERABILITY TITLE RISK
2018-12-06 CVE-2018-9548 Missing Authorization vulnerability in Google Android
In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation.
local
low complexity
google CWE-862
2.1
2018-12-06 CVE-2018-9554 Information Exposure vulnerability in Google Android
In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass.
local
low complexity
google CWE-200
2.1
2018-12-06 CVE-2018-9566 Out-of-bounds Read vulnerability in Google Android
In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check.
2.9
2018-11-14 CVE-2018-9457 Missing Authorization vulnerability in Google Android 8.0/8.1/9.0
In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass.
local
low complexity
google CWE-862
2.1
2018-11-14 CVE-2018-9543 Information Exposure vulnerability in Google Android
In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset.
local
low complexity
google CWE-200
2.1
2018-11-14 CVE-2018-9544 Out-of-bounds Read vulnerability in Google Android 9.0
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check.
local
low complexity
google CWE-125
2.1
2018-10-29 CVE-2017-18281 Out-of-bounds Read vulnerability in Google Android
A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel
local
low complexity
google CWE-125
2.1
2018-09-19 CVE-2018-3574 Improper Input Validation vulnerability in Google Android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.
local
low complexity
google CWE-20
2.1
2018-09-18 CVE-2017-15844 Out-of-bounds Read vulnerability in Google Android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.
local
low complexity
google CWE-125
2.1
2018-09-18 CVE-2018-11293 Out-of-bounds Read vulnerability in Google Android
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw.
low complexity
google CWE-125
3.3