Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-03 | CVE-2017-14894 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. | 7.5 |
| 2018-04-03 | CVE-2017-14890 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll(). | 7.5 |
| 2018-03-30 | CVE-2017-17766 | Integer Overflow or Wraparound vulnerability in Google Android In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow. | 7.5 |
| 2018-03-30 | CVE-2017-14883 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer. | 7.5 |
| 2018-03-30 | CVE-2017-14881 | Use After Free vulnerability in Google Android While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur. | 7.5 |
| 2018-03-30 | CVE-2017-14877 | Use After Free vulnerability in Google Android While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. | 7.5 |
| 2018-03-30 | CVE-2017-14876 | Out-of-bounds Write vulnerability in Google Android In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write. | 7.5 |
| 2018-03-27 | CVE-2014-4959 | SQL Injection vulnerability in Google Android **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. | 7.5 |
| 2018-03-15 | CVE-2017-18069 | Out-of-bounds Read vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread. | 7.8 |
| 2018-03-15 | CVE-2017-18068 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow. | 7.2 |