Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-28 | CVE-2017-15416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | 6.5 |
| 2018-08-28 | CVE-2017-15415 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | 6.5 |
| 2018-08-23 | CVE-2018-6558 | Unspecified vulnerability in Google Fscrypt The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam). | 6.5 |
| 2018-08-07 | CVE-2018-5383 | Improper Verification of Cryptographic Signature vulnerability in multiple products Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | 6.8 |
| 2018-07-06 | CVE-2018-5865 | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. | 5.5 |
| 2018-07-06 | CVE-2018-5864 | Out-of-bounds Read vulnerability in Google Android While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. | 5.5 |
| 2018-07-06 | CVE-2018-5895 | Out-of-bounds Read vulnerability in Google Android Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 5.5 |
| 2018-07-06 | CVE-2018-5836 | Out-of-bounds Read vulnerability in Google Android In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. | 5.5 |
| 2018-07-06 | CVE-2017-15824 | Missing Release of Resource after Effective Lifetime vulnerability in Google Android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory. | 5.5 |
| 2018-07-06 | CVE-2017-14893 | Out-of-bounds Read vulnerability in Google Android While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 5.5 |