Filtered by vendor Google
Subscribe
Search
Total
3732 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5904 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur. | |||||
| CVE-2018-5856 | 1 Google | 1 Android | 2018-12-21 | 6.1 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio. | |||||
| CVE-2018-5861 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader. | |||||
| CVE-2018-11995 | 1 Google | 1 Android | 2018-12-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image. | |||||
| CVE-2018-11918 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code. | |||||
| CVE-2017-11078 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot. | |||||
| CVE-2018-11260 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero. | |||||
| CVE-2018-11261 | 1 Google | 1 Android | 2018-12-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. Any application using codec service will be affected. | |||||
| CVE-2018-11266 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client. | |||||
| CVE-2018-11823 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module. | |||||
| CVE-2018-9514 | 1 Google | 1 Android | 2018-12-20 | 7.2 HIGH | 7.8 HIGH |
| In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A | |||||
| CVE-2018-17465 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-12-19 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | |||||
| CVE-2018-6061 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-12-19 | 5.1 MEDIUM | 7.5 HIGH |
| A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-6074 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2018-12-19 | 6.8 MEDIUM | 8.8 HIGH |
| Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. | |||||
| CVE-2018-17469 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2018-12-18 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | |||||
| CVE-2018-9427 | 1 Google | 1 Android | 2018-12-18 | 9.3 HIGH | 7.8 HIGH |
| In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542. | |||||
| CVE-2018-9545 | 1 Google | 1 Android | 2018-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784 | |||||
| CVE-2018-9542 | 1 Google | 1 Android | 2018-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861 | |||||
| CVE-2018-9540 | 1 Google | 1 Android | 2018-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417 | |||||
| CVE-2018-9539 | 1 Google | 1 Android | 2018-12-17 | 6.9 MEDIUM | 7.0 HIGH |
| In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383 | |||||
| CVE-2018-9359 | 1 Google | 1 Android | 2018-12-14 | 7.8 HIGH | 7.5 HIGH |
| In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706. | |||||
| CVE-2018-9528 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721 | |||||
| CVE-2018-9529 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874 | |||||
| CVE-2018-9531 | 1 Google | 1 Android | 2018-12-14 | 9.3 HIGH | 7.8 HIGH |
| In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641 | |||||
| CVE-2018-9530 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715 | |||||
| CVE-2018-9527 | 1 Google | 1 Android | 2018-12-14 | 9.3 HIGH | 7.8 HIGH |
| In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345 | |||||
| CVE-2018-9532 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917 | |||||
| CVE-2018-9533 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520 | |||||
| CVE-2018-9534 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941 | |||||
| CVE-2018-9535 | 1 Google | 1 Android | 2018-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010 | |||||
| CVE-2018-9536 | 1 Google | 1 Android | 2018-12-14 | 9.3 HIGH | 7.8 HIGH |
| In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 | |||||
| CVE-2018-9455 | 1 Google | 1 Android | 2018-12-13 | 7.8 HIGH | 7.5 HIGH |
| In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677. | |||||
| CVE-2018-9489 | 1 Google | 1 Android | 2018-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. | |||||
| CVE-2018-9360 | 1 Google | 1 Android | 2018-12-13 | 7.8 HIGH | 7.5 HIGH |
| In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143. | |||||
| CVE-2018-9361 | 1 Google | 1 Android | 2018-12-13 | 7.8 HIGH | 7.5 HIGH |
| In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041. | |||||
| CVE-2018-9362 | 1 Google | 1 Android | 2018-12-12 | 7.8 HIGH | 7.5 HIGH |
| In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611. | |||||
| CVE-2018-9385 | 1 Google | 1 Android | 2018-12-12 | 4.6 MEDIUM | 7.8 HIGH |
| In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel. | |||||
| CVE-2018-9415 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2018-12-12 | 4.6 MEDIUM | 7.8 HIGH |
| In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel. | |||||
| CVE-2018-9436 | 1 Google | 1 Android | 2018-12-12 | 7.8 HIGH | 7.5 HIGH |
| In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722. | |||||
| CVE-2018-9448 | 1 Google | 1 Android | 2018-12-12 | 7.8 HIGH | 7.5 HIGH |
| In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113. | |||||
| CVE-2018-9450 | 1 Google | 1 Android | 2018-12-12 | 9.0 HIGH | 8.8 HIGH |
| In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. | |||||
| CVE-2018-9357 | 1 Google | 1 Android | 2018-12-12 | 7.2 HIGH | 7.8 HIGH |
| In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. | |||||
| CVE-2018-9465 | 1 Google | 1 Android | 2018-12-12 | 4.6 MEDIUM | 7.8 HIGH |
| In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel. | |||||
| CVE-2017-5133 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-12-11 | 6.8 MEDIUM | 8.8 HIGH |
| Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. | |||||
| CVE-2018-9496 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924 | |||||
| CVE-2018-9497 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669 | |||||
| CVE-2018-9498 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 | |||||
| CVE-2018-9503 | 1 Google | 1 Android | 2018-11-20 | 7.8 HIGH | 7.5 HIGH |
| In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928 | |||||
| CVE-2018-9513 | 1 Google | 1 Android | 2018-11-20 | 7.2 HIGH | 7.8 HIGH |
| In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A | |||||
| CVE-2017-15407 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | |||||