Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9372 | 1 Google | 1 Android | 2021-07-21 | 7.1 HIGH | 6.5 MEDIUM |
| In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132782448 | |||||
| CVE-2020-0091 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 | |||||
| CVE-2019-9361 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762807 | |||||
| CVE-2020-16042 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-6418 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5865 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2020-6444 | 1 Google | 1 Chrome | 2021-07-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15989 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2019-5864 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | |||||
| CVE-2020-0066 | 1 Google | 1 Android | 2021-07-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077 | |||||
| CVE-2020-10834 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020). | |||||
| CVE-2020-6394 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2021-07-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-9472 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130237611 | |||||
| CVE-2020-10839 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020). | |||||
| CVE-2019-20580 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019). | |||||
| CVE-2019-20557 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019). | |||||
| CVE-2019-20546 | 2 Broadcom, Google | 11 Bcm43162, Bcm43224, Bcm4323 and 8 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019). | |||||
| CVE-2020-10855 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020). | |||||
| CVE-2019-5875 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-20593 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). | |||||
| CVE-2020-10846 | 1 Google | 1 Android | 2021-07-21 | 1.9 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can enable the OEM unlock feature on a KG-enrolled devices, leading to potentially unwanted binaries being downloaded. The Samsung ID is SVE-2019-16554 (February 2020). | |||||
| CVE-2020-6506 | 1 Google | 2 Android, Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5873 | 2 Apple, Google | 2 Iphone Os, Chrome | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-20775 | 2 Google, Qualcomm | 5 Android, Sdm450, Sdm845 and 2 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019). | |||||
| CVE-2019-20774 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019). | |||||
| CVE-2019-5794 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2020-6408 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | |||||
| CVE-2019-20624 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019). | |||||
| CVE-2019-20779 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019). | |||||
| CVE-2020-6438 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | |||||
| CVE-2019-2056 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140879284 | |||||
| CVE-2020-0468 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422 | |||||
| CVE-2019-20615 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019). | |||||
| CVE-2020-27026 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| During boot, the device unlock interface behaves differently depending on if a fingerprint registered to the device is present. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-79776455 | |||||
| CVE-2020-0126 | 1 Google | 1 Android | 2021-07-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930 | |||||
| CVE-2020-0121 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766 | |||||
| CVE-2020-0488 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516 | |||||
| CVE-2020-6503 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-0326 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146453119 | |||||
| CVE-2020-0484 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155769496 | |||||
| CVE-2020-0134 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146052771 | |||||
| CVE-2020-13843 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | |||||
| CVE-2020-0317 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929 | |||||
| CVE-2020-0315 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026 | |||||
| CVE-2020-0495 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155473137 | |||||
| CVE-2020-0312 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099 | |||||
| CVE-2020-0311 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642 | |||||
| CVE-2020-0308 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357 | |||||
| CVE-2020-0309 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147227320 | |||||
| CVE-2020-27035 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213 | |||||