Vulnerabilities > Google > Android > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-18 | CVE-2018-11273 | Double Free vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. | 4.6 |
2018-09-18 | CVE-2018-11270 | Double Free vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. | 4.6 |
2018-09-18 | CVE-2018-11265 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment. | 4.6 |
2018-09-18 | CVE-2017-15828 | Integer Overflow or Wraparound vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow. | 4.6 |
2018-09-18 | CVE-2017-15825 | Out-of-bounds Read vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur. | 4.6 |
2018-09-06 | CVE-2018-11263 | Improper Validation of Array Index vulnerability in Google Android In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. | 5.8 |
2018-08-07 | CVE-2018-5383 | Improper Verification of Cryptographic Signature vulnerability in multiple products Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | 4.3 |
2018-07-06 | CVE-2018-5886 | Out-of-bounds Read vulnerability in Google Android A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. | 5.0 |
2018-07-06 | CVE-2018-5862 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. | 4.6 |
2018-07-06 | CVE-2018-5859 | Use After Free vulnerability in Google Android Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. | 4.4 |