Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-04 | CVE-2017-0813 | Missing Release of Resource after Effective Lifetime vulnerability in Google Android A denial of service vulnerability in the Android media framework (libstagefright). | 5.0 |
| 2017-10-04 | CVE-2017-0808 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android framework (file system). | 5.0 |
| 2017-09-26 | CVE-2015-0874 | Improper Certificate Validation vulnerability in OKB Smart Passbook 1.0.0 Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | 4.3 |
| 2017-09-26 | CVE-2014-0997 | Data Processing Errors vulnerability in Google Android 4.1.2/4.2.2/4.4.4 WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | 5.0 |
| 2017-09-21 | CVE-2017-9720 | Off-by-one Error vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. | 6.8 |
| 2017-09-21 | CVE-2017-9677 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. | 6.8 |
| 2017-09-21 | CVE-2017-8280 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | 5.1 |
| 2017-09-21 | CVE-2017-8277 | Use After Free vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. | 6.8 |
| 2017-09-21 | CVE-2017-8251 | Improper Validation of Array Index vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle. | 6.8 |
| 2017-09-21 | CVE-2017-8250 | Integer Overflow or Wraparound vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. | 6.8 |