Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-39434 Out-of-bounds Read vulnerability in Google Android 13.0/14.0
In drm service, there is a possible out of bounds read due to a missing bounds check.
local
low complexity
google CWE-125
4.4
2024-09-17 CVE-2024-8906 Unspecified vulnerability in Google Chrome
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-09-17 CVE-2024-8907 Cross-site Scripting vulnerability in Google Chrome
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures.
network
low complexity
google CWE-79
6.1
2024-09-17 CVE-2024-8908 Unspecified vulnerability in Google Chrome
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-09-17 CVE-2024-8909 Unspecified vulnerability in Google Chrome
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-09-13 CVE-2024-44096 Insecure Default Initialization of Resource vulnerability in Google Android
there is a possible arbitrary read due to an insecure default value.
local
low complexity
google CWE-1188
4.4
2024-09-11 CVE-2024-40656 Unspecified vulnerability in Google Android
In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy.
local
low complexity
google
5.5
2024-09-11 CVE-2024-40659 Unspecified vulnerability in Google Android 14.0
In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation.
local
low complexity
google
5.5
2024-09-02 CVE-2024-20084 Out-of-bounds Read vulnerability in multiple products
In power, there is a possible out of bounds read due to a missing bounds check.
4.4
2024-09-02 CVE-2024-20085 Out-of-bounds Read vulnerability in multiple products
In power, there is a possible out of bounds read due to a missing bounds check.
4.4