Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-11906 | Incorrect Default Permissions vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. | 7.2 |
| 2018-11-27 | CVE-2018-11261 | Use After Free vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. | 7.2 |
| 2018-11-17 | CVE-2018-19333 | Unspecified vulnerability in Google Gvisor 20180823 pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled. | 7.5 |
| 2018-11-14 | CVE-2018-9580 | Unspecified vulnerability in Google Android A Elevation of privilege vulnerability in the HTC bootloader. | 7.5 |
| 2018-11-14 | CVE-2018-9525 | Unspecified vulnerability in Google Android 9.0 In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. | 7.2 |
| 2018-11-14 | CVE-2018-9523 | Improper Input Validation vulnerability in Google Android In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. | 7.2 |
| 2018-11-14 | CVE-2018-9522 | Out-of-bounds Write vulnerability in Google Android 9.0 In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. | 7.2 |
| 2018-11-14 | CVE-2018-6083 | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | 8.8 |
| 2018-11-14 | CVE-2018-6074 | Improper Input Validation vulnerability in multiple products Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. | 8.8 |
| 2018-11-14 | CVE-2018-6073 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |