Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2017-06-13 CVE-2014-9966 Race Condition vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.
network
high complexity
google CWE-362
7.6
2017-06-13 CVE-2014-9965 Improper Input Validation vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.
network
google CWE-20
critical
9.3
2017-06-13 CVE-2014-9964 Integer Overflow or Wraparound vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
network
google CWE-190
critical
9.3
2017-06-13 CVE-2014-9963 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.
network
google CWE-119
critical
9.3
2017-06-13 CVE-2014-9962 Improper Input Validation vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.
network
google CWE-20
critical
9.3
2017-06-13 CVE-2014-9961 Improper Access Control vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.
network
google CWE-284
critical
9.3
2017-06-13 CVE-2014-9960 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
network
google CWE-119
critical
9.3
2017-06-08 CVE-2014-7919 NULL Pointer Dereference vulnerability in Google Android
b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).
network
low complexity
google CWE-476
7.5
2017-06-06 CVE-2015-3830 Improper Input Validation vulnerability in Google Android
The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.
network
google CWE-20
4.3
2017-06-06 CVE-2015-1207 Double Free vulnerability in multiple products
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
network
low complexity
google debian CWE-415
6.5