Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2021-0402 | Out-of-bounds Write vulnerability in Google Android 11.0 In jpeg, there is a possible out of bounds write due to improper input validation. | 6.7 |
| 2021-02-26 | CVE-2021-0401 | Race Condition vulnerability in Google Android 10.0/11.0 In vow, there is a possible memory corruption due to a race condition. | 6.4 |
| 2021-02-26 | CVE-2021-0367 | Race Condition vulnerability in Google Android 10.0/11.0 In vpu, there is a possible memory corruption due to a race condition. | 6.4 |
| 2021-02-26 | CVE-2021-0366 | Race Condition vulnerability in Google Android 10.0/11.0 In vpu, there is a possible memory corruption due to a race condition. | 6.4 |
| 2021-02-23 | CVE-2020-8902 | Server-Side Request Forgery (SSRF) vulnerability in Google Rendertron Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. | 4.3 |
| 2021-02-19 | CVE-2021-3189 | Open Redirect vulnerability in Google Slashify 1.0.0 The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | 6.1 |
| 2021-02-10 | CVE-2021-0338 | Allocation of Resources Without Limits or Throttling vulnerability in Google Android 10.0/11.0 In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. | 5.5 |
| 2021-02-10 | CVE-2021-0335 | Use After Free vulnerability in Google Android 11.0 In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. | 6.5 |
| 2021-02-09 | CVE-2021-21147 | Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2021-02-09 | CVE-2021-21141 | Injection vulnerability in multiple products Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. | 6.5 |