Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0969 | 1 Google | 1 Android | 2021-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-199922685 | |||||
| CVE-2021-0904 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 6.7 MEDIUM |
| In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. | |||||
| CVE-2021-0952 | 1 Google | 1 Android | 2021-12-17 | 4.7 MEDIUM | 5.0 MEDIUM |
| In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381 | |||||
| CVE-2021-0919 | 1 Google | 1 Android | 2021-12-17 | 1.9 LOW | 5.0 MEDIUM |
| In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 | |||||
| CVE-2021-0704 | 1 Google | 1 Android | 2021-12-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 | |||||
| CVE-2021-22565 | 1 Google | 1 Exposure Notification Verification Server | 2021-12-14 | 5.8 MEDIUM | 6.5 MEDIUM |
| An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater. | |||||
| CVE-2021-25518 | 1 Google | 1 Android | 2021-12-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25514 | 1 Google | 1 Android | 2021-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. | |||||
| CVE-2021-43530 | 2 Google, Mozilla | 2 Android, Firefox | 2021-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. | |||||
| CVE-2021-43544 | 2 Google, Mozilla | 2 Android, Firefox | 2021-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. | |||||
| CVE-2021-30584 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-30582 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-30587 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-21170 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-21171 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-21168 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2021-21164 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-21181 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2021-21176 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-21173 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-21163 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |||||
| CVE-2021-21175 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-21178 | 5 Debian, Fedoraproject, Google and 2 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-21187 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2021-21186 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. | |||||
| CVE-2021-21185 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. | |||||
| CVE-2021-21184 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-21183 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-21182 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-30538 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30537 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. | |||||
| CVE-2021-30539 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30534 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-30533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | |||||
| CVE-2021-30594 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-30 | 4.6 MEDIUM | 6.8 MEDIUM |
| Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | |||||
| CVE-2021-30597 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-30 | 4.6 MEDIUM | 6.8 MEDIUM |
| Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | |||||
| CVE-2021-30596 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2021-11-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-0670 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2021-11-20 | 7.2 HIGH | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663. | |||||
| CVE-2021-0669 | 2 Google, Mediatek | 24 Android, Mt6853, Mt6853t and 21 more | 2021-11-20 | 7.2 HIGH | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550. | |||||
| CVE-2021-0668 | 2 Google, Mediatek | 19 Android, Mt6873, Mt6875 and 16 more | 2021-11-20 | 7.2 HIGH | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521. | |||||
| CVE-2021-0671 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2021-11-20 | 7.2 HIGH | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273. | |||||
| CVE-2021-0655 | 2 Google, Mediatek | 8 Android, Mt6873, Mt6875 and 5 more | 2021-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424. | |||||
| CVE-2021-0657 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2021-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103. | |||||
| CVE-2021-0656 | 2 Google, Mediatek | 12 Android, Mt6853, Mt6853t and 9 more | 2021-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376. | |||||
| CVE-2021-0658 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2021-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107. | |||||
| CVE-2021-0659 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2021-11-19 | 2.1 LOW | 4.4 MEDIUM |
| In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559. | |||||
| CVE-2021-0664 | 2 Google, Mediatek | 16 Android, Mt6765, Mt6768 and 13 more | 2021-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158. | |||||
| CVE-2021-0665 | 2 Google, Mediatek | 22 Android, Mt6873, Mt6875 and 19 more | 2021-11-19 | 2.1 LOW | 4.4 MEDIUM |
| In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113. | |||||
| CVE-2021-0666 | 2 Google, Mediatek | 21 Android, Mt6873, Mt6875 and 18 more | 2021-11-19 | 2.1 LOW | 4.4 MEDIUM |
| In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086. | |||||
| CVE-2021-0667 | 2 Google, Mediatek | 19 Android, Mt6873, Mt6875 and 16 more | 2021-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581. | |||||