While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur.
In an audio driver function in all Qualcomm products with Android releases from CAF using the Linux kernel, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.