Filtered by vendor Google
Subscribe
Search
Total
150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25350 | 2 Google, Samsung | 2 Android, Account | 2021-03-30 | 2.1 LOW | 3.9 LOW |
| Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. | |||||
| CVE-2021-25351 | 2 Google, Samsung | 2 Android, Account | 2021-03-30 | 2.1 LOW | 2.4 LOW |
| Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. | |||||
| CVE-2021-25340 | 1 Google | 1 Android | 2021-03-11 | 2.1 LOW | 2.4 LOW |
| Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. | |||||
| CVE-2021-25335 | 2 Google, Samsung | 2 Android, One Ui | 2021-03-11 | 1.9 LOW | 2.5 LOW |
| Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | |||||
| CVE-2021-25343 | 2 Google, Samsung | 2 Android, Members | 2021-03-11 | 2.1 LOW | 3.3 LOW |
| Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25342 | 2 Google, Samsung | 2 Android, Members | 2021-03-11 | 2.1 LOW | 3.3 LOW |
| Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2020-8938 | 1 Google | 1 Asylo | 2020-12-17 | 2.1 LOW | 3.3 LOW |
| An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02 | |||||
| CVE-2020-8937 | 1 Google | 1 Asylo | 2020-12-17 | 2.1 LOW | 3.3 LOW |
| An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02 | |||||
| CVE-2020-0481 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 3.3 LOW |
| In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157472962 | |||||
| CVE-2020-8919 | 1 Google | 1 Gerrit | 2020-12-16 | 2.7 LOW | 3.5 LOW |
| An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access. | |||||
| CVE-2020-0368 | 1 Google | 1 Android | 2020-12-15 | 2.1 LOW | 3.3 LOW |
| In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143230980 | |||||
| CVE-2020-26271 | 1 Google | 1 Tensorflow | 2020-12-14 | 2.1 LOW | 3.3 LOW |
| In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | |||||
| CVE-2020-26270 | 1 Google | 1 Tensorflow | 2020-12-14 | 2.1 LOW | 3.3 LOW |
| In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | |||||
| CVE-2019-20623 | 1 Google | 1 Android | 2020-08-24 | 1.9 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019). | |||||
| CVE-2019-13762 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. | |||||
| CVE-2019-9280 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| In keyguard, there is a possible escalation of privilege due to improper permission checks. This could lead to a local bypass of the keyguard under limited circumstances, with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-119322269 | |||||
| CVE-2019-20595 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019). | |||||
| CVE-2019-9364 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73364631 | |||||
| CVE-2018-21043 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2020-04-09 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). | |||||
| CVE-2018-21046 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911 (November 2018). | |||||
| CVE-2018-21073 | 2 Google, Samsung | 6 Android, Galaxy S8, Galaxy S8\+ and 3 more | 2020-04-09 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). | |||||
| CVE-2018-21074 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018). | |||||
| CVE-2018-21077 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). | |||||
| CVE-2017-18673 | 1 Google | 1 Android | 2020-04-08 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). | |||||
| CVE-2016-11027 | 1 Google | 1 Android | 2020-04-08 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016). | |||||
| CVE-2019-20533 | 1 Google | 1 Android | 2020-03-26 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019). | |||||
| CVE-2020-0029 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 2.3 LOW |
| In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828 | |||||
| CVE-2011-2343 | 1 Google | 1 Android | 2020-02-19 | 2.1 LOW | 2.4 LOW |
| The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. | |||||
| CVE-2019-13679 | 1 Google | 1 Chrome | 2019-12-03 | 4.3 MEDIUM | 3.3 LOW |
| Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. | |||||
| CVE-2019-9377 | 1 Google | 1 Android | 2019-10-07 | 2.1 LOW | 3.3 LOW |
| In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to a local information disclosure of metadata about the biometrics of another user on the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599663 | |||||
| CVE-2017-5084 | 1 Google | 1 Chrome Os | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. | |||||
| CVE-2019-9351 | 1 Google | 1 Android | 2019-10-02 | 2.1 LOW | 3.3 LOW |
| In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599864 | |||||
| CVE-2019-9277 | 1 Google | 1 Android | 2019-10-02 | 2.1 LOW | 3.3 LOW |
| In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-68016944 | |||||
| CVE-2018-9581 | 1 Google | 1 Android | 2019-10-02 | 2.1 LOW | 3.3 LOW |
| In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111698366 | |||||
| CVE-2018-6053 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 4.3 MEDIUM | 3.3 LOW |
| Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. | |||||
| CVE-2016-5166 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 2.6 LOW | 3.1 LOW |
| The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | |||||
| CVE-2015-6644 | 1 Google | 1 Android | 2018-10-17 | 4.3 MEDIUM | 3.3 LOW |
| Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | |||||
| CVE-2016-9062 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 2.1 LOW | 3.3 LOW |
| Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2018-6254 | 1 Google | 1 Android | 2018-06-14 | 2.1 LOW | 3.3 LOW |
| In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. | |||||
| CVE-2016-10236 | 1 Google | 1 Android | 2018-05-04 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418. | |||||
| CVE-2017-6425 | 1 Google | 1 Android | 2018-05-04 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689. | |||||
| CVE-2017-6426 | 1 Google | 1 Android | 2018-05-04 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842. | |||||
| CVE-2016-3888 | 1 Google | 1 Android | 2017-08-13 | 2.1 LOW | 2.1 LOW |
| internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123. | |||||
| CVE-2017-0709 | 1 Google | 1 Android | 2017-07-11 | 4.3 MEDIUM | 3.3 LOW |
| A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048. | |||||
| CVE-2015-9031 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 3.3 LOW |
| In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. | |||||
| CVE-2015-9032 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 3.3 LOW |
| In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. | |||||
| CVE-2016-6770 | 1 Google | 1 Android | 2017-01-19 | 4.3 MEDIUM | 3.3 LOW |
| An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228. | |||||
| CVE-2015-6641 | 1 Google | 1 Android | 2016-12-07 | 2.9 LOW | 3.1 LOW |
| Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | |||||
| CVE-2016-3763 | 1 Google | 1 Android | 2016-07-12 | 5.0 MEDIUM | 3.3 LOW |
| net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919. | |||||
| CVE-2016-3759 | 1 Google | 1 Android | 2016-07-12 | 5.0 MEDIUM | 3.3 LOW |
| The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080. | |||||