Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-06 | CVE-2017-14872 | Out-of-bounds Read vulnerability in Google Android While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 5.5 |
| 2018-06-25 | CVE-2018-12716 | Information Exposure vulnerability in Google Chromecast Firmware and Home Firmware The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | 4.3 |
| 2018-06-15 | CVE-2018-5860 | Access of Uninitialized Pointer vulnerability in Google Android In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly. | 5.5 |
| 2018-06-15 | CVE-2017-18169 | Reachable Assertion vulnerability in Google Android User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 5.5 |
| 2018-06-15 | CVE-2018-12440 | Information Exposure vulnerability in Google Boringssl 20180614 BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. | 4.7 |
| 2018-06-12 | CVE-2018-3579 | Out-of-bounds Read vulnerability in Google Android In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read | 5.5 |
| 2018-06-06 | CVE-2018-3562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 5.5 |
| 2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 5.9 |
| 2018-05-10 | CVE-2018-6246 | Information Exposure vulnerability in Google Android In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. | 5.3 |
| 2018-05-04 | CVE-2018-10229 | Information Exposure vulnerability in multiple products A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | 4.8 |