Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0156 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736127 | |||||
| CVE-2020-0154 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141550919 | |||||
| CVE-2020-0153 | 1 Google | 1 Android | 2020-06-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139733543 | |||||
| CVE-2020-0152 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145992159 | |||||
| CVE-2020-0151 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-133164384 | |||||
| CVE-2020-0161 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127973550 | |||||
| CVE-2020-0165 | 1 Google | 1 Android | 2020-06-12 | 7.2 HIGH | 6.7 MEDIUM |
| In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139532977 | |||||
| CVE-2020-0185 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152 | |||||
| CVE-2020-0187 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383 | |||||
| CVE-2020-0197 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379 | |||||
| CVE-2020-0159 | 1 Google | 1 Android | 2020-06-11 | 3.5 LOW | 5.5 MEDIUM |
| In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140768035 | |||||
| CVE-2020-0158 | 1 Google | 1 Android | 2020-06-11 | 2.1 LOW | 4.4 MEDIUM |
| In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141547128 | |||||
| CVE-2020-0162 | 1 Google | 1 Android | 2020-06-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959 | |||||
| CVE-2020-0164 | 1 Google | 1 Android | 2020-06-11 | 2.1 LOW | 4.4 MEDIUM |
| In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736125 | |||||
| CVE-2020-0163 | 1 Google | 1 Android | 2020-06-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124525515 | |||||
| CVE-2020-0009 | 1 Google | 1 Android | 2020-06-10 | 2.1 LOW | 5.5 MEDIUM |
| In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 | |||||
| CVE-2020-6504 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. | |||||
| CVE-2011-2863 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-6502 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6501 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6499 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. | |||||
| CVE-2020-6500 | 1 Google | 1 Chrome | 2020-06-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-0092 | 1 Google | 1 Android | 2020-05-21 | 1.9 LOW | 5.0 MEDIUM |
| In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488 | |||||
| CVE-2020-0100 | 1 Google | 1 Android | 2020-05-18 | 2.1 LOW | 5.5 MEDIUM |
| In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 | |||||
| CVE-2020-0220 | 1 Google | 1 Android | 2020-05-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561 | |||||
| CVE-2020-12748 | 1 Google | 1 Android | 2020-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020). | |||||
| CVE-2018-21233 | 1 Google | 1 Tensorflow | 2020-05-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. | |||||
| CVE-2020-8896 | 1 Google | 1 Earth | 2020-05-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3. | |||||
| CVE-2020-6827 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2020-05-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. | |||||
| CVE-2019-20785 | 1 Google | 1 Android | 2020-04-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019). | |||||
| CVE-2019-20784 | 1 Google | 1 Android | 2020-04-24 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019). | |||||
| CVE-2020-0077 | 1 Google | 1 Android | 2020-04-23 | 2.1 LOW | 4.4 MEDIUM |
| In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146055840 | |||||
| CVE-2020-0075 | 1 Google | 1 Android | 2020-04-22 | 2.1 LOW | 4.4 MEDIUM |
| In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146057864 | |||||
| CVE-2020-0076 | 1 Google | 1 Android | 2020-04-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146056878 | |||||
| CVE-2015-9546 | 1 Google | 1 Android | 2020-04-13 | 5.8 MEDIUM | 4.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015). | |||||
| CVE-2018-21061 | 1 Google | 1 Android | 2020-04-10 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). | |||||
| CVE-2018-21045 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018). | |||||
| CVE-2018-21048 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018). | |||||
| CVE-2016-11035 | 1 Google | 1 Android | 2020-04-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016). | |||||
| CVE-2018-21068 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | |||||
| CVE-2016-11034 | 1 Google | 1 Android | 2020-04-09 | 7.1 HIGH | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016). | |||||
| CVE-2018-21062 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). | |||||
| CVE-2018-21076 | 2 Google, Samsung | 3 Android, Exynos 8890, Exynos 8895 | 2020-04-09 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). | |||||
| CVE-2018-21056 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018). | |||||
| CVE-2018-21053 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018). | |||||
| CVE-2018-21080 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018). | |||||
| CVE-2018-21067 | 1 Google | 1 Android | 2020-04-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018). | |||||
| CVE-2017-18646 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017). | |||||
| CVE-2018-21092 | 1 Google | 1 Android | 2020-04-09 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | |||||
| CVE-2017-18694 | 2 Google, Samsung | 8 Android, Exynos 5250, Exynos 5260 and 5 more | 2020-04-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017). | |||||