Vulnerabilities > Google
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-06 | CVE-2017-15856 | Double Free vulnerability in Google Android Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 7.0 |
| 2018-07-06 | CVE-2017-15824 | Missing Release of Resource after Effective Lifetime vulnerability in Google Android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory. | 5.5 |
| 2018-07-06 | CVE-2017-14893 | Out-of-bounds Read vulnerability in Google Android While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 5.5 |
| 2018-07-06 | CVE-2017-14872 | Out-of-bounds Read vulnerability in Google Android While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 5.5 |
| 2018-06-25 | CVE-2018-12716 | Information Exposure vulnerability in Google Chromecast Firmware and Home Firmware The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | 4.3 |
| 2018-06-15 | CVE-2018-5863 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |
| 2018-06-15 | CVE-2018-5860 | Access of Uninitialized Pointer vulnerability in Google Android In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly. | 5.5 |
| 2018-06-15 | CVE-2017-18169 | Reachable Assertion vulnerability in Google Android User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 5.5 |
| 2018-06-15 | CVE-2018-5857 | Use After Free vulnerability in Google Android In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |
| 2018-06-15 | CVE-2018-5854 | Out-of-bounds Write vulnerability in Google Android A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |