Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9433 | 1 Google | 1 Android | 2020-07-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 | |||||
| CVE-2020-0122 | 1 Google | 1 Android | 2020-07-22 | 7.2 HIGH | 6.7 MEDIUM |
| In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775 | |||||
| CVE-2020-15578 | 1 Google | 1 Android | 2020-07-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020). | |||||
| CVE-2020-15580 | 1 Google | 1 Android | 2020-07-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020). | |||||
| CVE-2020-15577 | 1 Google | 1 Android | 2020-07-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020). | |||||
| CVE-2020-15583 | 1 Google | 1 Android | 2020-07-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020). | |||||
| CVE-2020-6485 | 1 Google | 2 Chrome, Chrome Os | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6478 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6479 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6488 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6491 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. | |||||
| CVE-2020-6484 | 1 Google | 1 Chrome | 2020-07-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. | |||||
| CVE-2020-0182 | 2 Debian, Google | 2 Debian Linux, Android | 2020-07-06 | 6.4 MEDIUM | 6.5 MEDIUM |
| In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917 | |||||
| CVE-2020-6431 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6495 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-6435 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6437 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | |||||
| CVE-2020-6440 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. | |||||
| CVE-2020-6441 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||||
| CVE-2020-6442 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6445 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6446 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6432 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6433 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6456 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. | |||||
| CVE-2020-6460 | 1 Google | 1 Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. | |||||
| CVE-2020-6497 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | |||||
| CVE-2020-6498 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2020-0127 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506 | |||||
| CVE-2020-0211 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147491773 | |||||
| CVE-2020-0119 | 1 Google | 1 Android | 2020-06-15 | 5.4 MEDIUM | 5.3 MEDIUM |
| In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247 | |||||
| CVE-2020-0205 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147234020 | |||||
| CVE-2020-0184 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141688974 | |||||
| CVE-2020-0196 | 1 Google | 1 Android | 2020-06-15 | 3.3 LOW | 6.5 MEDIUM |
| In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833 | |||||
| CVE-2020-0189 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139939283 | |||||
| CVE-2020-0186 | 1 Google | 1 Android | 2020-06-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146144463 | |||||
| CVE-2020-0200 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147231862 | |||||
| CVE-2020-0206 | 1 Google | 1 Android | 2020-06-15 | 2.1 LOW | 5.5 MEDIUM |
| In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005061 | |||||
| CVE-2020-0124 | 1 Google | 1 Android | 2020-06-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140237592 | |||||
| CVE-2020-0191 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484 | |||||
| CVE-2020-0193 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144595488 | |||||
| CVE-2020-0180 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142861738 | |||||
| CVE-2020-0143 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277 | |||||
| CVE-2020-0144 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497 | |||||
| CVE-2020-0149 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089 | |||||
| CVE-2020-0148 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492 | |||||
| CVE-2020-0146 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561 | |||||
| CVE-2020-0145 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079 | |||||
| CVE-2020-0157 | 1 Google | 1 Android | 2020-06-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814 | |||||
| CVE-2020-0147 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392 | |||||