Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6399 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6405 | 1 Google | 1 Chrome | 2020-02-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-6412 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-6411 | 1 Google | 1 Chrome | 2020-02-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-6395 | 1 Google | 1 Chrome | 2020-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2010-3917 | 1 Google | 1 Chrome | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2020-0003 | 1 Google | 1 Android | 2020-01-29 | 3.7 LOW | 6.7 MEDIUM |
| In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904 | |||||
| CVE-2015-1525 | 1 Google | 1 Android | 2020-01-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | |||||
| CVE-2019-13722 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2014-9908 | 1 Google | 1 Android | 2020-01-13 | 3.3 LOW | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558). | |||||
| CVE-2019-13719 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | |||||
| CVE-2019-13704 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-13703 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13717 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | |||||
| CVE-2019-13716 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2019-13715 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-13709 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
| CVE-2019-13708 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13701 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2016-5346 | 1 Google | 3 Android, Pixel, Pixel Xl | 2020-01-12 | 2.1 LOW | 5.5 MEDIUM |
| An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). | |||||
| CVE-2019-5845 | 1 Google | 1 Chrome | 2020-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5846 | 1 Google | 1 Chrome | 2020-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5844 | 1 Google | 1 Chrome | 2020-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-9471 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326 | |||||
| CVE-2019-9470 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528 | |||||
| CVE-2019-2228 | 1 Google | 1 Android | 2019-12-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196 | |||||
| CVE-2019-13744 | 1 Google | 1 Chrome | 2019-12-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-13737 | 1 Google | 1 Chrome | 2019-12-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-19464 | 3 Apple, Cbc, Google | 3 Iphone Os, Gem, Android | 2019-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | |||||
| CVE-2019-9464 | 1 Google | 1 Android | 2019-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068 | |||||
| CVE-2019-2227 | 1 Google | 1 Android | 2019-12-09 | 3.3 LOW | 6.5 MEDIUM |
| In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453 | |||||
| CVE-2019-2226 | 1 Google | 1 Android | 2019-12-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619 | |||||
| CVE-2019-13681 | 1 Google | 1 Chrome | 2019-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
| CVE-2019-13665 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. | |||||
| CVE-2019-13675 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. | |||||
| CVE-2019-13676 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-13677 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5861 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | |||||
| CVE-2019-5862 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5867 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5852 | 1 Google | 1 Chrome | 2019-11-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-2196 | 1 Google | 1 Android | 2019-11-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143 | |||||
| CVE-2019-2198 | 1 Google | 1 Android | 2019-11-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135270103 | |||||
| CVE-2019-2209 | 1 Google | 1 Android | 2019-11-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139287605 | |||||
| CVE-2011-1803 | 1 Google | 1 Blink | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element. | |||||
| CVE-2011-2334 | 1 Google | 1 Blink | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections. | |||||
| CVE-2011-1802 | 1 Google | 1 Blink | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). | |||||
| CVE-2011-2336 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. | |||||
| CVE-2011-2807 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. | |||||
| CVE-2011-2353 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function. | |||||