Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-47034 Out-of-bounds Read vulnerability in Google Android
there is a possible out of bounds read due to a missing bounds check.
local
low complexity
google CWE-125
5.5
2024-10-15 CVE-2024-9958 Unspecified vulnerability in Google Chrome
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-10-15 CVE-2024-9962 Unspecified vulnerability in Google Chrome
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-10-15 CVE-2024-9963 Unspecified vulnerability in Google Chrome
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-10-15 CVE-2024-9964 Unspecified vulnerability in Google Chrome
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension.
network
low complexity
google
4.3
2024-10-15 CVE-2024-9966 Unspecified vulnerability in Google Chrome
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google
5.3
2024-10-09 CVE-2024-39436 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-09 CVE-2024-39437 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-09 CVE-2024-39438 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-09 CVE-2024-39439 Out-of-bounds Write vulnerability in Google Android 13.0/14.0
In DRM service, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google CWE-787
4.4