Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-02 CVE-2018-9501 Unspecified vulnerability in Google Android
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass.
local
low complexity
google
7.8
7.8
2018-10-02 CVE-2018-9498 Integer Overflow or Wraparound vulnerability in Google Android
In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow.
local
low complexity
google CWE-190
7.8
7.8
2018-10-02 CVE-2018-9497 Out-of-bounds Write vulnerability in Google Android
In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check.
local
low complexity
google CWE-787
7.8
7.8
2018-10-02 CVE-2018-9496 Out-of-bounds Write vulnerability in Google Android 9.0
In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google CWE-787
7.8
7.8
2018-10-02 CVE-2018-9492 Incorrect Authorization vulnerability in Google Android 8.0/8.1/9.0
In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass.
local
low complexity
google CWE-863
7.8
7.8
2018-10-02 CVE-2018-9491 Integer Overflow or Wraparound vulnerability in Google Android
In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow.
local
low complexity
google CWE-190
7.8
7.8
2018-10-02 CVE-2018-9490 Incorrect Type Conversion or Cast vulnerability in Google Android
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion.
local
low complexity
google CWE-704
7.8
7.8
2018-10-02 CVE-2018-9473 Integer Overflow or Wraparound vulnerability in Google Android 8.0
In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow.
local
low complexity
google CWE-190
7.8
7.8
2018-09-25 CVE-2018-6055 Improper Input Validation vulnerability in Google Chrome
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
network
low complexity
google CWE-20
8.8
8.8
2018-09-25 CVE-2018-6054 Use After Free vulnerability in multiple products
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
network
low complexity
google redhat debian CWE-416
8.8
8.8