Vulnerabilities > Google > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2017-13282 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. | 9.8 |
| 2018-04-04 | CVE-2017-13281 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 8.0/8.1 In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. | 9.8 |
| 2018-04-04 | CVE-2017-13274 | Origin Validation Error vulnerability in Google Android In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. | 9.8 |
| 2018-04-04 | CVE-2017-13267 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. | 9.8 |
| 2018-04-03 | CVE-2018-3599 | Use After Free vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur. | 9.8 |
| 2018-04-03 | CVE-2018-3596 | Unspecified vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed. | 9.8 |
| 2018-04-03 | CVE-2017-18147 | Improper Input Validation vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated. | 9.8 |
| 2018-03-30 | CVE-2017-17766 | Integer Overflow or Wraparound vulnerability in Google Android In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow. | 9.8 |
| 2018-03-30 | CVE-2017-14883 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer. | 9.8 |
| 2018-03-30 | CVE-2017-14881 | Use After Free vulnerability in Google Android While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur. | 9.8 |