Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-11964 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. | 7.8 |
| 2018-12-20 | CVE-2018-11963 | Out-of-bounds Read vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver. | 7.8 |
| 2018-12-20 | CVE-2018-11961 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations. | 7.8 |
| 2018-12-20 | CVE-2018-11960 | Use After Free vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel. | 7.8 |
| 2018-12-20 | CVE-2017-9704 | Use After Free vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free. | 7.8 |
| 2018-12-17 | CVE-2017-18355 | Information Exposure vulnerability in Google Rendertron 1.0.0 Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files. | 7.5 |
| 2018-12-17 | CVE-2017-18354 | Path Traversal vulnerability in Google Rendertron 1.0.0 Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. | 7.5 |
| 2018-12-17 | CVE-2017-18353 | Unspecified vulnerability in Google Rendertron 1.0.0 Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. | 7.5 |
| 2018-12-11 | CVE-2018-18359 | Out-of-bounds Read vulnerability in multiple products Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2018-12-11 | CVE-2018-18356 | Use After Free vulnerability in multiple products An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |