Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2017-06-30 CVE-2017-10709 Improper Authentication vulnerability in Google Android 6.0
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
local
low complexity
google elephone CWE-287
7.2
7.2
2017-06-29 CVE-2017-3750 Unspecified vulnerability in Google Android
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
local
google lenovo
6.9
6.9
2017-06-29 CVE-2017-3749 Unspecified vulnerability in Google Android
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.
local
google lenovo
6.9
6.9
2017-06-29 CVE-2017-3748 Local Privilege Escalation vulnerability in Lenovo VIBE Mobile
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
local
low complexity
google lenovo
7.2
7.2
2017-06-27 CVE-2015-3840 Improper Access Control vulnerability in Google Android
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.
local
low complexity
google CWE-284
2.1
2.1
2017-06-20 CVE-2017-3082 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class.
network
low complexity
adobe microsoft apple google linux CWE-119
critical
 10.0
10
2017-06-20 CVE-2017-3081 Use After Free vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations.
network
low complexity
adobe microsoft apple google linux CWE-416
critical
 10.0
10
2017-06-20 CVE-2017-3079 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data.
network
low complexity
adobe microsoft apple google linux CWE-119
critical
 10.0
10
2017-06-20 CVE-2017-3078 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module.
network
low complexity
adobe microsoft apple google linux CWE-119
critical
 10.0
10
2017-06-20 CVE-2017-3077 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser.
network
low complexity
adobe microsoft apple google linux CWE-119
critical
 10.0
10