Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-06 CVE-2018-9566 Out-of-bounds Read vulnerability in Google Android
In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check.
low complexity
google CWE-125
5.7
5.7
2018-12-06 CVE-2018-9554 Information Exposure vulnerability in Google Android
In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass.
local
low complexity
google CWE-200
5.5
5.5
2018-12-06 CVE-2018-9552 Out-of-bounds Write vulnerability in Google Android
In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check.
local
low complexity
google CWE-787
5.5
5.5
2018-12-06 CVE-2018-9548 Missing Authorization vulnerability in Google Android
In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation.
local
low complexity
google CWE-862
5.5
5.5
2018-12-04 CVE-2018-6116 NULL Pointer Dereference vulnerability in multiple products
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google redhat debian CWE-476
6.5
6.5
2018-12-04 CVE-2018-6115 Improper Input Validation vulnerability in Google Chrome
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
network
low complexity
google CWE-20
6.5
6.5
2018-12-04 CVE-2018-6108 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
network
low complexity
redhat debian google
6.5
6.5
2018-12-04 CVE-2018-6107 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
6.5
2018-12-04 CVE-2018-6105 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
6.5
2018-12-04 CVE-2018-6104 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
6.5