Vulnerabilities > Google > Android > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-12 | CVE-2017-6285 | Out-of-bounds Read vulnerability in Google Android NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. | 5.5 |
| 2018-03-06 | CVE-2017-6284 | Inadequate Encryption Strength vulnerability in multiple products NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. | 5.5 |
| 2018-03-06 | CVE-2017-6283 | Information Exposure vulnerability in multiple products NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. | 5.5 |
| 2018-02-12 | CVE-2017-13238 | Information Exposure vulnerability in Google Android In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. | 4.2 |
| 2018-02-12 | CVE-2017-13235 | NULL Pointer Dereference vulnerability in Google Android A other vulnerability in the Android media framework (n/a). | 6.5 |
| 2018-02-12 | CVE-2017-13234 | Missing Release of Resource after Effective Lifetime vulnerability in Google Android In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. | 6.5 |
| 2018-02-12 | CVE-2017-13233 | Resource Exhaustion vulnerability in Google Android In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. | 6.5 |
| 2018-01-18 | CVE-2017-17860 | Improper Input Validation vulnerability in Google Android In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. | 5.7 |
| 2018-01-12 | CVE-2017-13218 | Information Exposure vulnerability in Google Android Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845. | 4.7 |
| 2017-12-28 | CVE-2015-7889 | Permission Issues vulnerability in Google Android The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | 5.5 |