Vulnerabilities > Google > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-04 | CVE-2017-13278 | Use After Free vulnerability in Google Android In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. | 7.5 |
2018-04-04 | CVE-2017-13274 | Origin Validation Error vulnerability in Google Android In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. | 7.5 |
2018-04-03 | CVE-2018-5822 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite. | 7.5 |
2018-04-03 | CVE-2018-5821 | Out-of-bounds Read vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index to access wma->interfaces whose max index should be (max_bssid-1). | 7.5 |
2018-04-03 | CVE-2018-5820 | Integer Overflow or Wraparound vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. | 7.5 |
2018-04-03 | CVE-2018-3599 | Use After Free vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur. | 7.5 |
2018-04-03 | CVE-2018-3596 | Unspecified vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed. | 7.5 |
2018-04-03 | CVE-2017-18147 | Improper Input Validation vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated. | 7.5 |
2018-04-03 | CVE-2017-15836 | Integer Overflow or Wraparound vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow. | 7.5 |
2018-04-03 | CVE-2017-15822 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur. | 8.3 |