Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 11875 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5853 1 Google 1 Android 2023-12-10 4.4 MEDIUM 7.0 HIGH
A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.
CVE-2017-13247 1 Google 1 Android 2023-12-10 4.6 MEDIUM 7.8 HIGH
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.
CVE-2017-14892 1 Google 1 Android 2023-12-10 4.6 MEDIUM 7.8 HIGH
In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access.
CVE-2016-5179 1 Google 1 Chrome Os 2023-12-10 10.0 HIGH 9.8 CRITICAL
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
CVE-2017-17766 1 Google 1 Android 2023-12-10 7.5 HIGH 9.8 CRITICAL
In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow.
CVE-2016-10230 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.
CVE-2018-4925 4 Adobe, Apple, Google and 1 more 5 Digital Editions, Iphone Os, Mac Os X and 2 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2017-14877 1 Google 1 Android 2023-12-10 7.5 HIGH 9.8 CRITICAL
While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur.
CVE-2017-11010 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.
CVE-2017-17769 1 Google 1 Android 2023-12-10 2.1 LOW 5.5 MEDIUM
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.
CVE-2018-5820 1 Google 1 Android 2023-12-10 7.5 HIGH 7.3 HIGH
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. This can potentially result in an integer overflow subsequently leading to a heap overwrite.
CVE-2017-13262 1 Google 1 Android 2023-12-10 3.3 LOW 6.5 MEDIUM
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.
CVE-2018-3569 1 Google 1 Android 2023-12-10 7.2 HIGH 7.8 HIGH
A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
CVE-2017-13238 1 Google 1 Android 2023-12-10 4.7 MEDIUM 4.2 MEDIUM
In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.
CVE-2017-13252 1 Google 1 Android 2023-12-10 9.3 HIGH 7.8 HIGH
In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702.
CVE-2018-5895 1 Google 1 Android 2023-12-10 2.1 LOW 5.5 MEDIUM
Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
CVE-2015-9014 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
CVE-2018-12440 1 Google 1 Boringssl 2023-12-10 1.9 LOW 4.7 MEDIUM
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVE-2018-4919 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-12-10 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-15395 2 Debian, Google 2 Debian Linux, Chrome 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.