Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-9528 Out-of-bounds Write vulnerability in Google Android 9.0
In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check.
network
low complexity
google CWE-787
8.8
8.8
2018-11-14 CVE-2018-9527 Out-of-bounds Write vulnerability in Google Android
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check.
local
low complexity
google CWE-787
7.8
7.8
2018-11-14 CVE-2018-9526 Information Exposure vulnerability in Google Android 9.0
In device configuration data, there is an improperly configured setting.
network
low complexity
google CWE-200
7.5
7.5
2018-11-14 CVE-2018-9525 Unspecified vulnerability in Google Android 9.0
In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy.
local
low complexity
google
7.8
7.8
2018-11-14 CVE-2018-9524 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android
In functionality implemented in System UI, there are insufficient protections implemented around overlay windows.
local
low complexity
google CWE-1021
7.8
7.8
2018-11-14 CVE-2018-9523 Improper Input Validation vulnerability in Google Android
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation.
local
low complexity
google CWE-20
7.8
7.8
2018-11-14 CVE-2018-9522 Out-of-bounds Write vulnerability in Google Android 9.0
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused.
local
low complexity
google CWE-787
7.8
7.8
2018-11-14 CVE-2018-9521 Out-of-bounds Write vulnerability in Google Android 9.0
In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check.
network
low complexity
google CWE-787
8.8
8.8
2018-11-14 CVE-2018-6083 Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
network
low complexity
google redhat debian
8.8
8.8
2018-11-14 CVE-2018-6074 Improper Input Validation vulnerability in multiple products
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
8.8
8.8