Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2017-14870 Information Exposure vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.
network
low complexity
google CWE-200
7.5
2018-01-10 CVE-2017-14869 Information Exposure vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.
network
low complexity
google CWE-200
7.5
2018-01-10 CVE-2017-11081 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied.
local
low complexity
google CWE-119
7.8
2018-01-10 CVE-2017-11080 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296.
local
low complexity
google CWE-119
7.8
2018-01-10 CVE-2017-11066 Information Exposure vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed.
network
low complexity
google CWE-200
7.5
2018-01-10 CVE-2017-11003 Classic Buffer Overflow vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size.
local
low complexity
google CWE-120
7.8
2018-01-10 CVE-2017-15849 Use After Free vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition.
local
low complexity
google CWE-416
7.8
2018-01-10 CVE-2017-12189 Unspecified vulnerability in Redhat products
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation.
local
low complexity
redhat
7.8
2018-01-10 CVE-2017-11069 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow.
local
low complexity
google CWE-119
7.8
2018-01-10 CVE-2017-3765 Improper Authentication vulnerability in Lenovo Enterprise Network Operating System 8.4.0.0
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces.
local
high complexity
lenovo CWE-287
7.0