Filtered by vendor Google
Subscribe
Search
Total
2922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6148 | 1 Google | 1 Chrome | 2019-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2018-16086 | 1 Google | 1 Chrome | 2019-07-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2018-6159 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-16073 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2018-6171 | 1 Google | 1 Chrome | 2019-07-01 | 2.9 LOW | 5.7 MEDIUM |
| Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | |||||
| CVE-2018-16074 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5785 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2019-5786 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2018-6150 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6128 | 2 Apple, Google | 2 Iphone Os, Chrome | 2019-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2018-6129 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2018-6130 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2019-5799 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5803 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5793 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||
| CVE-2019-5801 | 2 Apple, Google | 2 Iphone Os, Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-5800 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2018-16064 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2018-16069 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-17460 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
| CVE-2017-5028 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6168 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-6177 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6142 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | |||||
| CVE-2018-6136 | 1 Google | 1 Chrome | 2019-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2018-6134 | 1 Google | 1 Chrome | 2019-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. | |||||
| CVE-2019-2019 | 1 Google | 1 Android | 2019-06-21 | 7.1 HIGH | 6.5 MEDIUM |
| In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-115635871 | |||||
| CVE-2018-9561 | 1 Google | 1 Android | 2019-06-20 | 7.1 HIGH | 6.5 MEDIUM |
| In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-111660010 | |||||
| CVE-2018-9563 | 1 Google | 1 Android | 2019-06-20 | 7.1 HIGH | 6.5 MEDIUM |
| In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-114237888 | |||||
| CVE-2019-2021 | 1 Google | 1 Android | 2019-06-20 | 7.1 HIGH | 6.5 MEDIUM |
| In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120428041 | |||||
| CVE-2018-9564 | 1 Google | 1 Android | 2019-06-20 | 7.1 HIGH | 6.5 MEDIUM |
| In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-114238578 | |||||
| CVE-2019-2020 | 1 Google | 1 Android | 2019-06-20 | 7.1 HIGH | 6.5 MEDIUM |
| In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-116788646 | |||||
| CVE-2019-2022 | 1 Google | 1 Android | 2019-06-20 | 7.1 HIGH | 6.5 MEDIUM |
| In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120506143 | |||||
| CVE-2019-5798 | 2 Debian, Google | 2 Debian Linux, Chrome | 2019-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-0400 | 1 Google | 1 Android | 2019-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034. | |||||
| CVE-2016-6710 | 1 Google | 1 Android | 2019-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115. | |||||
| CVE-2019-2053 | 1 Google | 1 Android | 2019-05-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-122074159 | |||||
| CVE-2019-9635 | 1 Google | 1 Tensorflow | 2019-04-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. | |||||
| CVE-2018-7576 | 1 Google | 1 Tensorflow | 2019-04-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent. | |||||
| CVE-2019-2038 | 1 Google | 1 Android | 2019-04-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121259048. | |||||
| CVE-2019-2039 | 1 Google | 1 Android | 2019-04-22 | 4.7 MEDIUM | 5.0 MEDIUM |
| In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121260197. | |||||
| CVE-2019-2040 | 1 Google | 1 Android | 2019-04-22 | 4.7 MEDIUM | 5.0 MEDIUM |
| In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122316913. | |||||
| CVE-2019-5778 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2019-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. | |||||
| CVE-2018-9517 | 1 Google | 1 Android | 2019-04-03 | 7.2 HIGH | 6.7 MEDIUM |
| In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. | |||||
| CVE-2017-6284 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2019-04-02 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. | |||||
| CVE-2017-1000460 | 3 Ffmpeg, Google, Libav | 3 Ffmpeg, Chrome, Libav | 2019-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. | |||||
| CVE-2017-0401 | 1 Google | 1 Android | 2019-03-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016. | |||||
| CVE-2017-0399 | 1 Google | 1 Android | 2019-03-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756. | |||||
| CVE-2017-0402 | 1 Google | 1 Android | 2019-03-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341. | |||||
| CVE-2018-4933 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||